Step Description Command Keys
11 Enable protection against port scan
attacks.
esr(config)# ip firewall screen spy-
blocking port-scan
{ <threshold> } [ <TIME> ]
<threshold> – interval in
milliseconds during which the
port scan attack will be
recorded [1..1000000].
<TIME> – blocking time in
milliseconds [1..1000000].
12 Enable the protection against IP
spoofing attacks.
esr(config)# ip firewall screen spy-
blocking spoofing
13 Enable the blocking of TCP packets,
with the SYN and FIN flags set.
esr(config)# ip firewall screen spy-
blocking syn-fin
14 Enable the blocking of TCP packets,
with all flags or with the set of flags:
FIN, PSH, URG. The given command
provides the protection against XMAS
attack
esr(config)# ip firewall screen spy-
blocking tcp-all-flag
15 Enable the blocking of TCP packets,
with the zero “flags” field.
esr(config)# ip firewall screen spy-
blocking tcp-no-flag
16 Enable the blocking of fragmented
ICMP packets.
esr(config)# ip firewall screen
suspicious-packets icmp-fragment
17 Enable the blocking of fragmented IP
packets.
esr(config)# ip firewall screen
suspicious-packets ip-fragment
18 Enable the blocking of ICMP packets
more than 1024 bytes.
esr(config)# ip firewall screen
suspicious-packets icmp-fragment
19 Enable the blocking of fragmented TCP
packets, with the SYN flag.
esr(config)# ip firewall screen
suspicious-packets syn-fragment
20 Enable the blocking of fragmented UDP
packets.
esr(config)# ip firewall screen
suspicious-packets udp-fragment
21 Enable the blocking of packets, with the
protocol ID contained in IP header equal
to 137 and more.
esr(config)# ip firewall screen
suspicious-packets unknown-
protocols
22 Set the frequency of notification (via
SNMP, syslog and in CLI) of detected
and blocked network attacks.
esr(config)# ip firewall logging
interval <NUM>
<NUM> – time interval in
seconds [30 .. 2147483647]