Chapter 9
| General Security Measures
Denial of Service Protection
– 354 –
Command Usage
In these packets, SYN=1 and FIN=1.
Example
Console(config)#dos-protection syn-fin-scan
Console(config)#
dos-protection
tcp-xmas-scan
This command protects against TCP-xmas-scan in which a so-called TCP XMAS scan
message is used to identify listening TCP ports. This scan uses a series of strangely
configured TCP packets which contain a sequence number of 0 and the URG, PSH
and FIN flags. If the target's TCP port is closed, the target replies with a TCP RST
packet. If the target TCP port is open, it simply discards the TCP XMAS scan. Use the
no form to disable this feature.
Syntax
[no] dos-protection tcp-xmas-scan
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
In these packets, FIN=1, URG= 1 and PSH = 1.
Example
Console(config)#dos-protection tcp-xmas-scan
Console(config)#
show dos-protection This command shows the configuration settings for the DoS protection commands.
Command Mode
Privileged Exec
Example
Console#show dos-protection
Global DoS Protection:
LAND Attack : Enabled
TCP Null Scan : Enabled
TCP SYN/FIN Scan : Enabled
TCP XMAS Scan : Enabled
Console#
To Next Page
Loading...
