Chapter 8 | General Security Measures
Denial of Service Protection
– 308 –
dos-protection udp flood
This command protects against UDP-flooding attacks, in which a perpetrator sends
a large number of UDP packets (with or without a spoofed source IP) to random
ports on a remote host. For each port on which no application is listening, the
target replies with an ICMP Destination Unreachable packet. It is therefore forced
to send many ICMP packets, eventually leaving it unreachable by other clients.
Syntax
dos-protection udp flood [bit-rate-in-kilo rate]
no dos-protection udp flood
rate – Maximum allowed rate. (Range: 64-2048 kbits/second)
Default Setting
Disabled, 1024 kbits/second
Command Mode
Global Configuration
Example
Console(config)#dos-protection udp flood 65
Console(config)#
dos-protection udp invalid-header-length
This command protects against attacks that send UDP packets with an incorrect
header length. Such packets are not accepted by the system, but a large number of
them can cause crashes and other system errors.
Syntax
[no] dos-protection udp invalid-header-length
Default Setting
Disabled
Command Mode
Global Configuration
Command Usage
In these packets, the UDP Length field is less than 8 bytes, which is smaller than the UDP header itself.
Example
Console(config)#dos-protection udp invalid-header-length
Console(config)#
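The two checks above (rate-limiting UDP traffic to a configured kbit/s ceiling, and rejecting datagrams whose UDP Length field is below the 8-byte header) can be illustrated with a small host-side model. The following Python is an added example written for this reference; it is not the switch's firmware or vendor code. The packet bytes are constructed inline, and the one-second fixed-window limiter is an assumed simplification of the switch's actual policer.

```python
import struct
from dataclasses import dataclass

UDP_HEADER_LEN = 8  # UDP header is always 8 bytes; the Length field counts header + data


@dataclass
class UdpCheck:
    ok: bool
    reason: str
    length_field: int
    src_port: int
    dst_port: int


def check_udp_header(datagram: bytes) -> UdpCheck:
    """Validate the UDP Length field the way an invalid-header-length filter would."""
    if len(datagram) < UDP_HEADER_LEN:
        return UdpCheck(False, "truncated: fewer than 8 bytes on the wire", len(datagram), 0, 0)
    src, dst, length, _checksum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        # This is the condition the command usage text describes.
        return UdpCheck(False, f"length field {length} < {UDP_HEADER_LEN}", length, src, dst)
    if length > len(datagram):
        return UdpCheck(False, f"length field {length} exceeds {len(datagram)} bytes present", length, src, dst)
    return UdpCheck(True, "ok", length, src, dst)


def build_udp(src: int, dst: int, payload: bytes, length_override=None) -> bytes:
    """Construct a UDP datagram (checksum left zero); length_override forges the Length field."""
    length = len(payload) + UDP_HEADER_LEN if length_override is None else length_override
    return struct.pack("!HHHH", src, dst, length, 0) + payload


class UdpRateLimiter:
    """Assumed model: admits at most rate_kbps * 1000 / 8 UDP bytes per one-second window."""

    def __init__(self, rate_kbps: int):
        if not 64 <= rate_kbps <= 2048:  # same range the CLI command accepts
            raise ValueError("rate must be 64-2048 kbits/second")
        self.budget = rate_kbps * 1000 // 8  # bytes allowed per second
        self.window = None
        self.used = 0

    def admit(self, size: int, t_ms: int) -> bool:
        window = t_ms // 1000
        if window != self.window:  # new second: reset the byte counter
            self.window, self.used = window, 0
        if self.used + size > self.budget:
            return False  # over the configured rate: drop
        self.used += size
        return True


def simulate_flood(rate_kbps: int, packet_size: int, pps: int, seconds: int):
    """Replay a constant-rate UDP stream through the limiter; returns (admitted, dropped)."""
    limiter = UdpRateLimiter(rate_kbps)
    admitted = dropped = 0
    for i in range(pps * seconds):
        t_ms = i * 1000 // pps
        if limiter.admit(packet_size, t_ms):
            admitted += 1
        else:
            dropped += 1
    return admitted, dropped


if __name__ == "__main__":
    # Constructed sample datagrams: one valid, one with a forged Length field below 8.
    for pkt in (build_udp(53, 33434, b"hello"), build_udp(53, 33434, b"hello", length_override=5)):
        print(check_udp_header(pkt))
    # 1000-byte datagrams at 500 pps against the 1024 kbit/s default for two seconds.
    print(simulate_flood(1024, 1000, 500, 2))
```

With the default 1024 kbit/s ceiling the limiter's budget is 128000 bytes per second, so a 500 pps stream of 1000-byte datagrams sees only 128 packets admitted each second and the remainder dropped, which is the effect the flood command is meant to have. The header check reports the forged Length field and the ports, which is the information a defender would want to log when the counter for this protection starts climbing.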