Chapter 8 | General Security Measures
Denial of Service Protection
Global Protection
dos-protection
This command enables DoS protection globally on the switch.
Syntax
[no] dos-protection
Default Setting
Disabled
Table 57: DoS Protection Commands (Continued)

| Command | Function | Mode |
|---|---|---|
| dos-protection ipv6 invalid-ip-address | Protects against attacks in which hackers replace the source or destination IP address | GC |
| dos-protection ipv6 invalid-source-ip-address | Protects against spoofing with an invalid IPv6 address | GC |
| Protection for TCP | | GC |
| dos-protection tcp blat-block | Protects against TCP blat attacks | GC |
| dos-protection tcp invalid-header-length | Protects against invalid TCP header-length attacks | GC |
| dos-protection tcp null-scan | Protects against TCP-null-scan attacks | GC |
| dos-protection tcp syn-ack-psh-block | Protects against attacks in which a TCP SYN/ACK/PSH message sequence is used | GC |
| dos-protection tcp syn-fin-scan | Protects against TCP SYN/FIN-scan attacks | GC |
| dos-protection tcp syn-flood | Protects against TCP SYN flooding attacks | GC |
| dos-protection tcp syn-psh-block | Protects against attacks in which a TCP SYN/PSH message is used | GC |
| dos-protection tcp syn-rst-scan | Protects against SYN/RST-scan attacks in which a TCP SYN/RST scan message is used | GC |
| dos-protection tcp syn-urg-block | Protects against attacks in which a TCP SYN/URG message is used | GC |
| dos-protection tcp xmas-scan | Protects against TCP XMAS-scan attacks | GC |
| Protection for UDP | | GC |
| dos-protection udp blat-block | Protects against UDP blat attacks | GC |
| dos-protection udp flood | Protects against UDP flooding attacks | GC |
| dos-protection udp invalid-header-length | Protects against invalid UDP header-length attacks | GC |
| Other Protection Commands | | |
| dos-protection echo-chargen | Protects against echo/chargen attacks | GC |
| DoS Configuration Information | | GC |
| show dos-protection | Shows the configuration settings for DoS protection | PE |
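
As an added example (not part of the switch documentation), the Python code below reads the flags byte of a raw TCP header and reports which flag-based rows of Table 57 it falls under, which is useful when checking packet captures or IDS rules against what the switch is expected to drop. The subset-match rule, the conventional null-scan and XMAS-scan definitions, and all function names are assumptions; this page does not state how the switch itself matches packets.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Table 57 keyword -> flags that must all be set.
# Assumption: a packet matches when it carries at least these flags.
# syn-flood is rate-based and cannot be judged from a single header.
COMBOS = [
    ("syn-ack-psh-block", SYN | ACK | PSH),
    ("syn-fin-scan", SYN | FIN),
    ("syn-psh-block", SYN | PSH),
    ("syn-rst-scan", SYN | RST),
    ("syn-urg-block", SYN | URG),
    ("xmas-scan", FIN | PSH | URG),  # conventional XMAS definition (assumption)
]


def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits (FIN..URG) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than the 20-byte minimum")
    # Byte 12 holds data offset/reserved bits, byte 13 holds the flags.
    _offset, flags = struct.unpack_from("!BB", header, 12)
    return flags & 0x3F  # ignore ECE/CWR


def classify(header: bytes) -> list:
    """List the Table 57 TCP keywords whose flag pattern this header matches."""
    flags = tcp_flags(header)
    if flags == 0:
        return ["null-scan"]  # no flags set at all (conventional definition)
    return [name for name, need in COMBOS if flags & need == need]


def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Construct a minimal 20-byte TCP header for testing (constructed sample)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


if __name__ == "__main__":
    samples = [0, SYN, SYN | ACK, SYN | FIN, SYN | ACK | PSH, FIN | PSH | URG]
    for f in samples:
        print(f"flags=0x{f:02x} -> {classify(build_header(f)) or 'no match'}")
```

A header can match more than one row under the subset rule: SYN/ACK/PSH also satisfies the SYN/PSH pattern.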