Step Description Command Keys
23 Enable more detailed message output
about detected and blocked network
attacks in the CLI.
esr(config)# logging firewall
screen detailed
24 Enable mechanism of DoS attacks
detection and logging via CLI, syslog
and SNMP.
esr(config)# logging firewall
screen dos-defense
<ATACK_TYPE>
<ATACK_TYPE> – DoS attack
type, takes the following
values: icmp-threshold, land,
limit-session-destination, limit-
session-source, syn-flood, udp-
threshold, winnuke.
25 Enable mechanism of espionage
activity detection and logging via CLI,
syslog and SNMP.
esr(config)# logging firewall
screen spy-blocking
{ <ATACK_TYPE> | icmp-type
<ICMP_TYPE> }
<ATACK_TYPE> – espionage
activity type, takes the
following values: fin-no-ack, ip-
sweep, port-scan, spoofing,
syn-fin, tcp-all-flag, tcp-no-flag.
<ICMP_TYPE> – ICMP type,
takes the following values:
destination-unreachable, echo-
request, reserved, source-
quench, time-exceeded.
26 Enable mechanism of specialized
packets detection and logging via CLI,
syslog and SNMP.
esr(config)#logging firewall
screen suspicious-packets
<PACKET_TYPE>
<PACKET_TYPE> – non-
standard packets type, takes
the following values: icmp-
fragment, ip-fragment, large-
icmp, syn-fragment, udp-
fragment, unknown-protocols.
13.3.2 Description of attack protection mechanisms
Command Description
ip firewall screen dos-defense icmp-
threshold
This command enables the protection against ICMP flood attacks. When the
protection is enabled, the amount of all types ICMP packets per second for one
destination address is limited. The attack leads to the host reboot and its failure
due to the necessity to process each query and respond to it.
firewall screen dos-defense land This command enables the protection against land attacks. When the
protection is enabled, the packets with the same source and destination IP
addresses and with SYN flag in TCP header are blocked. The attack leads to the
host reboot and its failure due to the necessity to process each TCP SYN packet
and the attempts of the host to establish a TCP session with itself.
To Next Page
Loading...
Need help?
General
