ESR series service routers. ESR-Series. User manual
| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 5 | Enable protection against SYN flood attacks. | `esr(config)# ip firewall screen dos-defense syn-flood { <NUM> } [src-dst]` | `<NUM>` – maximum number of TCP packets with the SYN flag set per second, set in the range of [1..10000]. `src-dst` – limits the number of TCP packets with the SYN flag set based on the source and destination addresses. |
| 6 | Enable protection against UDP flood attacks. | `esr(config)# ip firewall screen dos-defense udp-threshold { <NUM> }` | `<NUM>` – maximum number of UDP packets per second, set in the range of [1..10000]. |
| 7 | Enable protection against WinNuke attacks. | `esr(config)# ip firewall screen dos-defense winnuke` | |
| 8 | Enable blocking of TCP packets with the FIN flag set and the ACK flag not set. | `esr(config)# ip firewall screen spy-blocking fin-no-ack` | |
| 9 | Enable blocking of ICMP packets of the specified type. | `esr(config)# ip firewall screen spy-blocking icmp-type <TYPE>` | `<TYPE>` – ICMP type, may take the following values: destination-unreachable, echo-request, reserved, source-quench, time-exceeded. |
| 10 | Enable protection against IP sweep attacks. | `esr(config)# ip firewall screen spy-blocking ip-sweep { <NUM> }` | `<NUM>` – IP sweep attack detection time, set in milliseconds [1..1000000]. |
| 11 | Enable protection against port scan attacks. | `esr(config)# ip firewall screen spy-blocking port-scan { <threshold> } [ <TIME> ]` | `<threshold>` – interval in milliseconds during which the port scan attack will be recorded [1..1000000]. `<TIME>` – blocking time in milliseconds [1..1000000]. |
| 12 | Enable protection against IP spoofing attacks. | `esr(config)# ip firewall screen spy-blocking spoofing` | |
| 13 | Enable blocking of TCP packets with the SYN and FIN flags set. | `esr(config)# ip firewall screen spy-blocking syn-fin` | |
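
The following is an added example, not code from the manual or from the ESR firmware: a small Python model of what the `syn-flood`, `fin-no-ack` and `syn-fin` screens match, showing how the `src-dst` key changes SYN counting. The fixed one-second window, the single shared counter used when `src-dst` is absent, and all function and class names are assumptions made for illustration.

```python
from collections import defaultdict

FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

def spy_blocking_reason(flags):
    """Return which flag-based screen a TCP flag byte would trip, or None."""
    if flags & SYN and flags & FIN:
        return "syn-fin"        # step 13: SYN and FIN both set
    if flags & FIN and not flags & ACK:
        return "fin-no-ack"     # step 8: FIN set, ACK not set
    return None

class SynFloodScreen:
    """Model of 'syn-flood <NUM> [src-dst]' (assumed fixed 1-second window)."""
    def __init__(self, limit, src_dst=False):
        if not 1 <= limit <= 10000:
            raise ValueError("NUM must be in [1..10000]")
        self.limit, self.src_dst = limit, src_dst
        self.window = None
        self.counts = defaultdict(int)

    def allow(self, ts, src, dst, flags):
        """True if the packet passes, False if it exceeds the SYN rate."""
        if not flags & SYN:
            return True                      # only SYN packets are counted
        sec = int(ts)
        if sec != self.window:               # new second: reset counters
            self.window = sec
            self.counts.clear()
        # Assumption: without src-dst all SYNs share one counter.
        key = (src, dst) if self.src_dst else None
        self.counts[key] += 1
        return self.counts[key] <= self.limit

# Constructed sample traffic: (timestamp, src, dst, tcp_flags)
SAMPLE = [
    (0.10, "192.0.2.10", "198.51.100.5", SYN),
    (0.20, "192.0.2.10", "198.51.100.5", SYN),
    (0.30, "192.0.2.10", "198.51.100.5", SYN),
    (0.40, "192.0.2.77", "198.51.100.5", SYN),
    (1.05, "192.0.2.10", "198.51.100.5", SYN),
]

def run(screen, packets=SAMPLE):
    return [screen.allow(*p) for p in packets]

if __name__ == "__main__":
    print(run(SynFloodScreen(2, src_dst=True)))
    print(run(SynFloodScreen(2)))
```

With a limit of 2, the fourth packet (a different source) passes under `src-dst` but is dropped under the shared counter, which is the practical difference to weigh when choosing the key.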