Chapter 9
| General Security Measures
Denial of Service Protection
– 316 –
Command Mode
Global Configuration
Example
Console(config)#dos-protection tcp-flooding bit-rate-in-kilo 65
Console(config)#
dos-protection
tcp-null-scan
This command protects against DoS TCP-null-scan attacks in which a TCP NULL
scan message is used to identify listening TCP ports. The scan uses a series of
strangely configured TCP packets which contain a sequence number of 0 and no
flags. If the target's TCP port is closed, the target replies with a TCP RST (reset)
packet. If the target TCP port is open, it simply discards the TCP NULL scan. Use the
no
form to disable this feature.
Syntax
[
no
]
dos-protection tcp-null-scan
Default Setting
Disabled
Command Mode
Global Configuration
Example
Console(config)#dos-protection tcp-null-scan
Console(config)#
dos-protection
tcp-syn-fin-scan
This command protects against DoS TCP-SYN/FIN-scan attacks in which a TCP SYN/
FIN scan message is used to identify listening TCP ports. The scan uses a series of
strangely configured TCP packets which contain SYN (synchronize) and FIN (finish)
flags. If the target's TCP port is closed, the target replies with a TCP RST (reset)
packet. If the target TCP port is open, it simply discards the TCP SYN FIN scan. Use
the
no
form to disable this feature.
Syntax
[
no
]
dos-protection tcp-syn-fin-scan
Default Setting
Disabled
Command Mode
Global Configuration
To Next Page
Loading...
Need help?
General