Chapter 9 | General Security Measures
Denial of Service Protection
dos-protection echo-chargen
This command protects against DoS echo/chargen attacks. The echo service
repeats anything sent to it, and the chargen (character generator) service
generates a continuous stream of data. When the two are used together, they
create an infinite loop that results in a denial of service. Use the no form to
disable this feature.
Syntax
dos-protection echo-chargen [bit-rate-in-kilo rate]
no dos-protection echo-chargen
rate – Maximum allowed rate. (Range: 64-2000 kbits/second)
Default Setting
Disabled, 1000 kbits/second
Command Mode
Global Configuration
Example
Console(config)#dos-protection echo-chargen bit-rate-in-kilo 65
Console(config)#
dos-protection smurf
This command protects against DoS smurf attacks in which a perpetrator generates
a large amount of spoofed ICMP Echo Request traffic to the broadcast destination
IP address (255.255.255.255), all of which use a spoofed source address of the
intended victim. The victim is expected to crash due to the many interrupts
required to send ICMP Echo response packets. Use the no form to disable this feature.
Syntax
[no] dos-protection smurf
Default Setting
Enabled
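The two patterns described above, echo/chargen traffic measured against a rate limit and broadcast Echo Requests that name a victim as their source, can be checked offline against packet records. The Python below is an added example, not code from the switch or its vendor. Assumptions: the record fields and helper names are hypothetical, ports 7 and 19 are the standard echo and chargen ports, any TCP/UDP packet on those ports is counted, and the rate is metered in one-second windows with 1 kbit = 1000 bits (the page does not describe how the switch matches or meters).

```python
from collections import defaultdict

ECHO, CHARGEN = 7, 19        # well-known service ports (RFC 862, RFC 864)
RATE_RANGE = (64, 2000)      # kbits/second, the range given in the syntax above
BROADCAST = "255.255.255.255"

def classify(pkt):
    """Label one packet record 'echo-chargen', 'smurf' or None."""
    # Assumption: any TCP/UDP packet to or from port 7 or 19 counts.
    if pkt["proto"] in ("udp", "tcp") and {pkt["sport"], pkt["dport"]} & {ECHO, CHARGEN}:
        return "echo-chargen"
    # ICMP type 8 is Echo Request; smurf traffic is sent to the broadcast address.
    if pkt["proto"] == "icmp" and pkt["icmp_type"] == 8 and pkt["dst"] == BROADCAST:
        return "smurf"
    return None

def over_limit_seconds(packets, rate_kbps=1000):
    """Return {second: kbit/s} where echo/chargen traffic exceeds rate_kbps."""
    lo, hi = RATE_RANGE
    if not lo <= rate_kbps <= hi:
        raise ValueError(f"rate must be {lo}-{hi} kbits/second")
    bits = defaultdict(int)
    for pkt in packets:
        if classify(pkt) == "echo-chargen":
            bits[int(pkt["ts"])] += pkt["length"] * 8
    return {s: b / 1000 for s, b in sorted(bits.items()) if b / 1000 > rate_kbps}

def smurf_victims(packets):
    """Count broadcast Echo Requests per claimed source (the intended victim)."""
    hits = defaultdict(int)
    for pkt in packets:
        if classify(pkt) == "smurf":
            hits[pkt["src"]] += 1
    return dict(hits)

def udp(ts, sport, dport, length):
    return {"ts": ts, "proto": "udp", "src": "192.0.2.10", "dst": "192.0.2.20",
            "sport": sport, "dport": dport, "length": length}

def icmp(ts, src, dst):
    return {"ts": ts, "proto": "icmp", "src": src, "dst": dst, "icmp_type": 8}

# Constructed records using documentation addresses, not captured traffic.
SAMPLE = (
    [udp(0.05 * i, CHARGEN, ECHO, 1000) for i in range(10)]    # 80 kbit in second 0
    + [udp(1.2, 40000, ECHO, 1000), udp(1.5, 40001, 53, 500)]  # 8 kbit in second 1
    + [icmp(2.0 + 0.1 * i, "198.51.100.7", BROADCAST) for i in range(3)]
    + [icmp(2.5, "192.0.2.10", "192.0.2.20")]                  # ordinary unicast ping
)
```

With the 65 kbits/second limit from the example above, `over_limit_seconds(SAMPLE, rate_kbps=65)` reports second 0; at the default 1000 kbits/second the same records stay under the limit.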
Table 64: DoS Protection Commands (Continued)
Command                            Function                                                                             Mode
dos-protection tcp-udp-port-zero   Protects against attacks which set the Layer 4 source or destination port to zero   GC
dos-protection tcp-xmas-scan       Protects against DoS TCP-XMAS-scan attacks                                           GC
dos-protection udp-flooding        Protects against DoS UDP-flooding attacks                                            GC
dos-protection win-nuke            Protects against DoS WinNuke attacks                                                 GC
show dos-protection                Shows the configuration settings for DoS protection                                  PE