C
HAPTER
24
| General Security Measures
Denial of Service Protection
– 934 –
DEFAULT SETTING
Disabled, 1000 kbits/second
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dos-protection echo-chargen 65
Console(config)#
dos-protection
smurf
This command protects against DoS smurf attacks in which a perpetrator
generates a large amount of spoofed ICMP Echo Request traffic to the
broadcast destination IP address (255.255.255.255), all of which uses a
spoofed source address of the intended victim. The victim should crash due
to the many interrupts required to send ICMP Echo response packets. Use
the no form to disable this feature.
SYNTAX
[no] dos-protection smurf
DEFAULT SETTING
Enabled
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dos-protection smurf
Console(config)#
dos-protection
tcp-flooding
This command protects against DoS TCP-flooding attacks in which a
perpetrator sends a succession of TCP SYN requests (with or without a
spoofed-Source IP) to a target and never returns ACK packets. These
half-open connections will bind resources on the target, and no new
connections can be made, resulting in a denial of service. Use the no form
to disable this feature.
SYNTAX
dos-protection tcp-flooding [bit-rate-in-kilo rate]
no dos-protection tcp-flooding
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
DEFAULT SETTING
Disabled, 1000 kbits/second
To Next Page
Loading...
Need help?
General
