Cisco 300 Series

1117 pages
16 Denial of Service (DoS) Commands
OL-32830-01 Command Line Interface Reference Guide, page 375
User Guidelines
On ports in which an ACL is defined (user-defined ACL etc.), this feature cannot block TCP SYN
packets. If the protection mode is block but SYN traffic cannot be blocked, a relevant
SYSLOG message is created, e.g.: “port gi11 is under TCP SYN attack. TCP SYN traffic
cannot be blocked on this port since the port is bound to an ACL.”
Examples
Example 1: The following example sets the TCP SYN protection feature to report
a TCP SYN attack on a port when an attack is identified from that port.
switchxxxxxx(config)# security-suite syn protection mode report
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11
Example 2: The following example sets the TCP SYN protection feature to block
a TCP SYN attack on a port when an attack is identified from that port.
switchxxxxxx(config)# security-suite syn protection mode block
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11. TCP SYN
traffic destined to the local system is automatically blocked for 100
seconds.
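The three SYSLOG messages quoted above (report mode, block mode, and block mode on an ACL-bound port) can be triaged on a log collector. The following is an added example, not part of the Cisco manual: the function names, the sample lines and the timestamp prefix on the ACL message are constructed assumptions.

```python
import re
from collections import defaultdict

# Optional timestamp in the "01-Jan-2012 05:29:46:" form shown on this page.
TS = r"(?:(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}):\s*)?"
# Most specific pattern first: the block-mode text extends the report-mode text.
PATTERNS = [
    ("unblocked_acl", re.compile(
        TS + r"port (?P<port>\S+) is under TCP SYN attack\. TCP SYN traffic "
        r"cannot be blocked on this port since the port is bound to an ACL")),
    ("blocked", re.compile(
        TS + r"A TCP SYN Attack was identified on port (?P<port>[^\s.]+)\. "
        r"TCP SYN traffic destined to the local system is automatically "
        r"blocked for (?P<secs>\d+) seconds")),
    ("reported", re.compile(
        TS + r"A TCP SYN Attack was identified on port (?P<port>[^\s.]+)")),
]

def classify(line):
    """Return kind, port, ts and secs for a SYN protection message, else None."""
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if m:
            d = m.groupdict()
            secs = d.get("secs")  # only the block-mode message carries a duration
            return {"kind": kind, "port": d["port"], "ts": d["ts"],
                    "secs": int(secs) if secs else None}
    return None

def unprotected_ports(lines):
    """Map each port with a logged attack but no block action to the kinds seen."""
    seen = defaultdict(set)
    for line in lines:
        ev = classify(line)
        if ev:
            seen[ev["port"]].add(ev["kind"])
    return {p: sorted(k) for p, k in sorted(seen.items()) if "blocked" not in k}

# Constructed sample lines (not captured from a real switch).
SAMPLE = [
    "01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11",
    "01-Jan-2012 05:31:02: A TCP SYN Attack was identified on port gi12. TCP SYN "
    "traffic destined to the local system is automatically blocked for 100 seconds.",
    "01-Jan-2012 05:33:10: port gi13 is under TCP SYN attack. TCP SYN traffic "
    "cannot be blocked on this port since the port is bound to an ACL.",
    "01-Jan-2012 05:34:00: Link up on port gi14",
]

if __name__ == "__main__":
    print(unprotected_ports(SAMPLE))
```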
16.10 security-suite syn protection recovery
To set the time period for the SYN Protection feature to block an attacked
interface, use the security-suite syn protection period Global Configuration mode
command.
To set the time period to its default value, use the no form of this command.
Syntax
security-suite syn protection recovery timeout
no security-suite syn protection recovery
