Denial of Service (DoS) Commands
371 OL-32830-01 Command Line Interface Reference Guide
16
switchxxxxxx(config)#
security-suite dos protect add invasor-trojan
16.7 security-suite dos syn-attack
To rate limit Denial of Service (DoS) SYN attacks, use the security-suite dos
syn-attack Interface Configuration mode command. This provides partial blocking
of SNY packets (up to the rate that the user specifies).
To disable rate limiting, use the no form of this command.
Note: This feature is only supported when the device is in Layer 2 switch mode.
Syntax
security-suite dos syn-attack
syn-rate
{
any | ip-address
} {
mask
|
prefix-length
}
no security-suite dos syn-attack {
any | ip-address
} {
mask
|
prefix-length
}
Parameters
• syn-rate—Specifies the maximum number of connections per second.
(Range: 199–1000)
• any | ip-address—Specifies the destination IP address. Use any to specify
all IP addresses.
• mask—Specifies the network mask of the destination IP address.
• prefix-length—Specifies the number of bits that comprise the destination IP
address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
No rate limit is configured.
If ip-address is unspecified, the default is 255.255.255.255
If prefix-length is unspecified, the default is 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
User Guidelines
For this command to work, show security-suite configuration must be enabled
both globally and for interfaces.
To Next Page
Loading...
Need help?
General
