
Edge-Core ES3528MV2 - Dos-Protection Tcp-Null-Scan

Edge-Core ES3528MV2
1480 pages
CHAPTER 25 | General Security Measures
Denial of Service Protection
– 942 –
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dos-protection tcp-flooding 65
Console(config)#
dos-protection tcp-null-scan
This command protects against DoS TCP-null-scan attacks in which a TCP
NULL scan message is used to identify listening TCP ports. The scan uses a
series of strangely configured TCP packets which contain a sequence
number of 0 and no flags. If the target's TCP port is closed, the target
replies with a TCP RST (reset) packet. If the target TCP port is open, it
simply discards the TCP NULL scan. Use the no form to disable this feature.
SYNTAX
[no] dos-protection tcp-null-scan
DEFAULT SETTING
Enabled
COMMAND MODE
Global Configuration
EXAMPLE
Console(config)#dos-protection tcp-null-scan
Console(config)#
dos-protection tcp-syn-fin-scan
This command protects against DoS TCP-SYN/FIN-scan attacks in which a
TCP SYN/FIN scan message is used to identify listening TCP ports. The scan
uses a series of strangely configured TCP packets which contain SYN
(synchronize) and FIN (finish) flags. If the target's TCP port is closed, the
target replies with a TCP RST (reset) packet. If the target TCP port is open,
it simply discards the TCP SYN FIN scan. Use the no form to disable this
feature.
SYNTAX
[no] dos-protection syn-fin-scan
DEFAULT SETTING
Enabled
COMMAND MODE
Global Configuration
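Added example (not from the Edge-Core manual or the switch firmware): a Python sketch that parses raw TCP headers and flags the two packet patterns described above, useful for checking a capture for the traffic these commands are meant to drop. The helper names, the sample segments, and the exact match rules are assumptions based only on the descriptions in this section.

```python
import struct
from collections import Counter

# TCP control bits in the low byte of the offset/flags word
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP_HEADER = "!HHIIHHHH"  # ports, seq, ack, offset/flags, window, checksum, urgent

def build_segment(seq, flags, sport=40000, dport=80):
    """Constructed sample input: a 20-byte TCP header, no options or payload."""
    offset_flags = (5 << 12) | flags  # data offset = 5 32-bit words
    return struct.pack(TCP_HEADER, sport, dport, seq, 0, offset_flags, 1024, 0, 0)

def classify(segment):
    """Return the name of the matching dos-protection feature, or None."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _, _, seq, _, offset_flags, _, _, _ = struct.unpack(TCP_HEADER, segment[:20])
    flags = offset_flags & 0x3F  # keep FIN..URG only
    # SYN and FIN together never occur in a legitimate handshake or teardown.
    if flags & SYN and flags & FIN:
        return "tcp-syn-fin-scan"
    # Assumption: match exactly what the manual describes (sequence 0, no flags).
    if flags == 0 and seq == 0:
        return "tcp-null-scan"
    return None

def scan_counts(segments):
    """Count suspicious segments per feature name across a capture."""
    return Counter(name for name in map(classify, segments) if name)

# Constructed capture: two probe patterns mixed with ordinary handshake traffic.
SAMPLES = [
    build_segment(0, 0),                    # NULL probe
    build_segment(0, SYN | FIN),            # SYN/FIN probe
    build_segment(731204, SYN),             # normal connection attempt
    build_segment(918273, SYN | ACK),       # normal handshake reply
    build_segment(5150, SYN | FIN | PSH),   # SYN/FIN with extra flag
]

if __name__ == "__main__":
    for name, count in scan_counts(SAMPLES).items():
        print(f"{name}: {count}")
```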
