DGS-3000 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide
328
Example
To configure land attack and blat attack prevention, the action is drop:
DGS-3000-26TC:admin#config dos_prevention dos_type land_attack blat_attack
action drop state enable
Command: config dos_prevention dos_type land_attack blat_attack action drop
state enable
Success.
show dos_prevention 28-2
Description
This command is used to display DoS prevention information, including the Trap/Log state, the
type of DoS attack, the prevention state, the corresponding action if the prevention is enabled and
the counter information of the DoS packet.
Format
show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin
| tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
Parameters
land_attack - (Optional) Checks whether the source address is equal to destination address of a
received IP packet.
blat_attack - (Optional) Checks whether the source port is equal to destination port of a received
TCP packet.
tcp_null_scan - (Optional) Checks whether a received TCP packet contains a sequence number
of 0 and no flags
tcp_xmasscan - (Optional) Checks whether a received TCP packet contains URG, Push and
FIN flags.
tcp_synfin - (Optional) Checks whether a received TCP packet contains FIN and SYN flags.
tcp_syn_srcport_less_1024 - (Optional) Checks whether the TCP packets source ports are less
than 1024 packets.
ping_death_attack - (Optional) Detects whether received packets are fragmented ICMP
packets.
tcp_tiny_frag_attack - (Optional) Checks whether the packets are TCP tiny fragment packets.
Restrictions
None.
Example
To display DoS prevention information:
To Next Page
Loading...
