| Step | Description | Command | Keys |
|------|-------------|---------|------|
| 2 | Enable protection against land attacks. | `esr(config)# ip firewall screen dos-defense land` | |
| 3 | Enable a limit on the number of packets sent per second per destination address. | `esr(config)# ip firewall screen dos-defense limit-session-destination { <NUM> }` | `<NUM>` – limit on the number of IP packets per second, set in the range of [1..10000]. |
| 4 | Enable a limit on the number of packets sent per second per source address. | `esr(config)# ip firewall screen dos-defense limit-session-source { <NUM> }` | `<NUM>` – limit on the number of IP packets per second, set in the range of [1..10000]. |
| 5 | Enable protection against SYN flood attacks. | `esr(config)# ip firewall screen dos-defense syn-flood { <NUM> } [src-dst]` | `<NUM>` – maximum number of TCP packets with the SYN flag set per second, set in the range of [1..10000]. `src-dst` – limit the number of TCP packets with the SYN flag set based on the source and destination addresses. |
| 6 | Enable protection against UDP flood attacks. | `esr(config)# ip firewall screen dos-defense udp-threshold { <NUM> }` | `<NUM>` – maximum number of UDP packets per second, set in the range of [1..10000]. |
| 7 | Enable protection against WinNuke attacks. | `esr(config)# ip firewall screen dos-defense winnuke` | |
| 8 | Enable blocking of TCP packets with the FIN flag set and the ACK flag not set. | `esr(config)# ip firewall screen spy-blocking fin-no-ack` | |
| 9 | Enable blocking of ICMP packets of various types. | `esr(config)# ip firewall screen spy-blocking icmp-type <TYPE>` | `<TYPE>` – ICMP type, may take the following values: destination-unreachable, echo-request, reserved, source-quench, time-exceeded. |
| 10 | Enable protection against IP sweep attacks. | `esr(config)# ip firewall screen spy-blocking ip-sweep { <NUM> }` | `<NUM>` – IP sweep attack detection time, set in milliseconds [1..1000000]. |
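
To check a saved configuration against the commands and ranges in this table, the following added example (not vendor code) reports which screen protections are enabled, which are missing, and which lines carry out-of-range or misspelled arguments. It assumes the saved configuration lists each command in the same form as it is entered; the names `audit`, `args_ok`, `RULES` and `SAMPLE` are hypothetical.

```python
import re

PREFIX = "ip firewall screen "
# From the table above: None = no argument, tuple = integer range, set = keywords.
RULES = {
    "dos-defense land": None,
    "dos-defense limit-session-destination": (1, 10000),
    "dos-defense limit-session-source": (1, 10000),
    "dos-defense syn-flood": (1, 10000),
    "dos-defense udp-threshold": (1, 10000),
    "dos-defense winnuke": None,
    "spy-blocking fin-no-ack": None,
    "spy-blocking icmp-type": {"destination-unreachable", "echo-request",
                               "reserved", "source-quench", "time-exceeded"},
    "spy-blocking ip-sweep": (1, 1000000),
}

def args_ok(name, args):
    rule = RULES[name]
    if rule is None:
        return not args
    if isinstance(rule, set):
        return len(args) == 1 and args[0] in rule
    if not args or not re.fullmatch(r"[0-9]+", args[0]):
        return False
    # Only syn-flood takes the optional src-dst keyword after <NUM>.
    extra_ok = not args[1:] or (name.endswith("syn-flood") and args[1:] == ["src-dst"])
    return extra_ok and rule[0] <= int(args[0]) <= rule[1]

def audit(config_text):
    """Return (enabled, missing, rejected) for screen commands in config_text."""
    enabled, rejected = {}, []
    for line in map(str.strip, config_text.splitlines()):
        if line.startswith(PREFIX):
            words = line[len(PREFIX):].split()
            name, args = " ".join(words[:2]), words[2:]
            if name in RULES and args_ok(name, args):
                enabled.setdefault(name, []).append(args)
            else:
                rejected.append(line)
    return enabled, sorted(set(RULES) - set(enabled)), rejected

# Constructed sample config, not taken from a real device.
SAMPLE = """\
ip firewall screen dos-defense syn-flood 500 src-dst
ip firewall screen dos-defense udp-threshold 20000
ip firewall screen spy-blocking icmp-type source-quench
ip firewall screen spy-blocking ip-sweep 1000
"""
```

Calling `audit(SAMPLE)` rejects the `udp-threshold 20000` line as out of range and lists the protections from the table that the sample never enables.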