Chapter 9
| General Security Measures
Denial of Service Protection
– 384 –
dos-protection
echo-chargen
This command protects against DoS echo/chargen attacks in which the echo
service repeats anything sent to it, and the chargen (character generator) service
generates a continuous stream of data. When used together, they create an infinite
loop and result in a denial-of-service. Use the no form without the bit rate
parameter to disable this feature, or with the bit rate parameter to restore the
defautl rate limit..
Syntax
dos-protection echo-chargen [bit-rate-in-kilo rate]
no dos-protection echo-chargen [bit-rate-in-kilo]
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
Default Setting
Disabled, 1000 kbits/second
Command Mode
Global Configuration
Example
Console(config)#dos-protection echo-chargen bit-rate-in-kilo 65
Console(config)#
dos-protection smurf This command protects against DoS smurf attacks in which a perpetrator generates
a large amount of spoofed ICMP Echo Request traffic to the broadcast destination
IP address (255.255.255.255), all of which uses a spoofed source address of the
intended victim. The victim should crash due to the many interrupts required to
send ICMP Echo response packets. Use the no form to disable this feature.
Syntax
[no] dos-protection smurf
Default Setting
Enabled
Command Mode
Global Configuration
Example
Console(config)#dos-protection smurf
Console(config)#
To Next Page
Loading...
Need help?
General