Chapter 8 | General Security Measures
Denial of Service Protection
Command Mode
Global Configuration
Example
Console(config)#dos-protection icmp nuke
Console(config)#
dos-protection icmp ping-of-death
This command protects against ping-of-death attacks, in which an attacker
deliberately sends an IP packet larger than the maximum length allowed by the
IPv4 or IPv6 protocol, or uses fragmentation so that the fragments of a packet
add up to more than the allowed maximum length. Many operating systems did not
know how to respond when they received an oversized packet, so they froze,
crashed, or rebooted.
Syntax
[no] dos-protection icmp ping-of-death
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
Ping-of-death packets may have one of the following attributes:
◆ The ICMP IPv4 message length exceeds the defined maximum length.
◆ The ICMP IPv6 message length exceeds the defined maximum length.
Example
Console(config)#dos-protection icmp ping-of-death
Console(config)#
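The fragmentation case described for ping-of-death can be checked one fragment
at a time: a fragment's offset plus its length must not pass 65,535 bytes, the
largest size an IPv4 datagram can have. The Python below is an added example,
not the switch's implementation; the function names and the sample headers are
constructed for illustration.

```python
import socket
import struct

MAX_IPV4_DATAGRAM = 65535   # limit of the 16-bit Total Length field
PROTO_ICMP = 1

def make_header(total_len, frag_units, more_frags, proto=PROTO_ICMP):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) as sample input."""
    flags_off = (0x2000 if more_frags else 0) | (frag_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_off,
                       64, proto, 0,
                       socket.inet_aton("192.0.2.1"),      # documentation addresses
                       socket.inet_aton("198.51.100.1"))

def reassembled_end(header):
    """Byte position at which this fragment ends inside the reassembled datagram."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", header[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    frag_offset = (flags_off & 0x1FFF) * 8      # the field counts 8-byte units
    payload_len = total_len - ihl
    # Assumption: the first fragment's header is the same length as this one.
    return ihl + frag_offset + payload_len

def is_oversized_icmp(header):
    """True when an ICMP fragment would push the datagram past the IPv4 maximum."""
    end = reassembled_end(header)               # also validates the header
    return header[9] == PROTO_ICMP and end > MAX_IPV4_DATAGRAM

if __name__ == "__main__":
    samples = {
        "ordinary echo request": make_header(84, 0, False),
        "middle fragment": make_header(1500, 185, True),
        "final fragment past the limit": make_header(1500, 8189, False),
    }
    for name, hdr in samples.items():
        verdict = "DROP" if is_oversized_icmp(hdr) else "pass"
        print(f"{name}: ends at byte {reassembled_end(hdr)} -> {verdict}")
```
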
dos-protection icmp smurf
This command protects against smurf attacks, in which a perpetrator generates a
large amount of spoofed ICMP Echo Request traffic to the broadcast destination IP
address (255.255.255.255), all of which uses the intended victim's address as its
spoofed source address. The victim should crash due to the many interrupts
required to send ICMP Echo response packets.
Syntax
[no] dos-protection icmp smurf
Default Setting
Disabled