xStack
®
DES-3200 Series Layer 2 Managed Fast Ethernet Switch CLI Reference Guide
225
Example
To configure land attack and blat attack prevention, the action is drop:
DES-3200-28P:admin#config dos_prevention dos_type land_attack blat_attack action
drop state enable
Command: config dos_prevention dos_type land_attack blat_attack action drop
state enable
Success.
24-2 show dos_prevention
Description
This command is used to display DoS prevention information, including the Trap/Log state, the
type of DoS attack, the prevention state, the corresponding action if the prevention is enabled and
the counter information of the DoS packet.
Format
show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin
| tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
Parameters
land_attack - (Optional) Check whether the source address is equal to destination address of a
received IP packet.
blat_attack - (Optional) Check whether the source port is equal to destination port of a received
TCP packet.
tcp_null_scan - (Optional) Check whether a received TCP packet contains a sequence number
of 0 and no flags
tcp_xmasscan - (Optional) Check whether a received TCP packet contains URG, Push and FIN
flags.
tcp_synfin - (Optional) Check whether a received TCP packet contains FIN and SYN flags.
tcp_syn_srcport_less_1024 - (Optional) Check whether the TCP packets source ports are less
than 1024 packets.
ping_death_attack - (Optional) Detect whether received packets are fragmented ICMP packets.
tcp_tiny_frag_attack - (Optional) Check whether the packets are TCP tiny fragment packets.
Restrictions
None.
Example
To display DoS prevention information:
To Next Page
Loading...
