Chapter 8 | General Security Measures
Denial of Service Protection
Example
Console#show ip arp inspection vlan 1
VLAN ID  DAI Status      ACL Name             ACL Status
-------- --------------- -------------------- --------------------
1        disabled        sales                static
Console#
Denial of Service Protection
A denial-of-service attack (DoS attack) is an attempt to block the services provided
by a computer or network resource. This kind of attack tries to prevent an Internet
site or service from functioning efficiently or at all. In general, DoS attacks
work by forcing the target to reset, by consuming most of its resources so that
it can no longer provide its intended service, or by obstructing the
communication media between the intended users and the target so that they can
no longer communicate adequately.
This section describes commands used to protect against DoS attacks.
Table 57: DoS Protection Commands
Command                                             Function                                                                                Mode
Global Protection
dos-protection                                      Enables or disables DoS protection globally                                             GC
Protection for ICMP                                                                                                                         GC
dos-protection icmp flood                           Protects against ICMP flooding attacks                                                  GC
dos-protection icmp nuke                            Protects against ICMP nuke attacks                                                      GC
dos-protection icmp ping-of-death                   Protects against ICMP ping-of-death attacks                                             GC
dos-protection icmp smurf                           Protects against smurf attacks                                                          GC
Protection for IPv4                                                                                                                         GC
dos-protection ip invalid-destination-ip-address    Protects against invalid IP destination address attacks                                 GC
dos-protection ip invalid-header-length             Protects against invalid IP header-length attacks                                       GC
dos-protection ip invalid-ip-address                Protects against attacks in which hackers replace the source or destination IP address  GC
dos-protection ip invalid-source-ip-address         Protects against spoofing with an invalid IP address                                    GC
Protection for IPv6                                                                                                                         GC
dos-protection ipv6 invalid-destination-ip-address  Protects against invalid IPv6 destination address attacks                               GC
dos-protection ipv6 invalid-header-length           Protects against invalid IPv6 header-length attacks                                     GC