Chapter 8
| General Security Measures
Denial of Service Protection
– 298 –
Command Mode
Global Configuration
Example
Console(config)#dos-protection icmp smurf
Console(config)#
Protection for IPv4
dos-protection ip
invalid-destination-ip-
address
This command protects against invalid IP destination address attacks. When a
stream such packets are received, this can indicate a denial-of-service (DoS)
attempt or just a packet generator using RAW sockets on the network.
Syntax
[no] dos-protection ip invalid-destination-ip-address
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
These packets may have any of the following attributes:
◆ Destination IP address is 127.*.*.*
◆ Destination IP address is 0.0.0.0
Example
Console(config)#dos-protection ip invalid-destination-ip-address
Console(config)#
dos-protection ip
invalid-header-length
This command protects against attacks which send IP packets with an incorrect
header length or IP data length. Such packets are not allowed by the system, but
their abundant number can cause computer crashes and other system errors.
Syntax
[no] dos-protection ip invalid-header-length
Default Setting
Disabled
Command Mode
Global Configuration
To Next Page
Loading...
