Name: Enterasys Matrix DFE-Gold Series
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

hostdos Configuring Denial of Service (DoS) Prevention

Enterasys Matrix DFE-Gold Series Configuration Guide 24-23

Disabled

IP packet with multicast/broadcast source address

Always enabled

0 attacks

Fragmented ICMP traffic

Disabled

Large ICMP packet

Disabled

Ping-of-Death attack

Always enabled

0 attacks

Port Scanning

Disabled

hostdos

UsethiscommandtoenableordisableDenialofServicesecurityfeatures.

Syntax

hostdos {land | fragmicmp | largeicmp size | checkspoof | portscan}

no hostdos {land | fragmicmp | largeicmp size | checkspoof}

Parameters

Defaults

None.

Mode

Routercommand,Globalconfiguration:Matrix>Router(config)#,or

Interfaceconfiguration:Matrix>Router(config‐if(Vlan<vlan_id>))#

Usage

The“no”formofthiscommanddisablesthespecifiedsecurityfeatures.

land Enableslandattackprotectionandautomaticallydiscardsillegal

frames.Thiscanbeenabledglobally,orper‐interface.

fragmicmp EnablesfragmentedICMPandPingofDeathpacketsprotectionand

automaticallydiscardsillegalframes.Thiscanonlybeenabledglobally.

largeicmpsize Enables

largeICMPpacketsprotection,specifiesthepacketsizeabove

whichtheprotectionstarts,andautomaticallydiscardsillegalframes.

Validpacketsizevaluesare1to65535.Thedefaultis1024.Thiscanonly

beenabledglobally.

checkspoof Enablesspoofedaddresscheckingandautomaticallyreportsspoofed

addressesviaSyslog.Thiscanbe

enabledglobally,orper‐interface.

portscan EnablesUDPandTCPportscanprotection.Thiscanonlybeenabled

globally.

Brand	Enterasys
Model	Matrix DFE-Gold Series
Category	Switch
Language	English

Enterasys Matrix DFE-Gold Series User Manual

Table of Contents

Questions and Answers:

Enterasys Matrix DFE-Gold Series Specifications

Related product manuals