hostdos Configuring Denial of Service (DoS) Prevention
Enterasys Matrix DFE-Gold Series Configuration Guide 24-23
Disabled
IP packet with multicast/broadcast source address
Always enabled
0 attacks
Fragmented ICMP traffic
Disabled
Large ICMP packet
Disabled
Ping-of-Death attack
Always enabled
0 attacks
Port Scanning
Disabled
hostdos
UsethiscommandtoenableordisableDenialofServicesecurityfeatures.
Syntax
hostdos {land | fragmicmp | largeicmp size | checkspoof | portscan}
no hostdos {land | fragmicmp | largeicmp size | checkspoof}
Parameters
Defaults
None.
Mode
Routercommand,Globalconfiguration:Matrix>Router(config)#,or
Interfaceconfiguration:Matrix>Router(config‐if(Vlan<vlan_id>))#
Usage
The“no”formofthiscommanddisablesthespecifiedsecurityfeatures.
land Enableslandattackprotectionandautomaticallydiscardsillegal
frames.Thiscanbeenabledglobally,orper‐interface.
fragmicmp EnablesfragmentedICMPandPingofDeathpacketsprotectionand
automaticallydiscardsillegalframes.Thiscanonlybeenabledglobally.
largeicmpsize Enables
largeICMPpacketsprotection,specifiesthepacketsizeabove
whichtheprotectionstarts,andautomaticallydiscardsillegalframes.
Validpacketsizevaluesare1to65535.Thedefaultis1024.Thiscanonly
beenabledglobally.
checkspoof Enablesspoofedaddresscheckingandautomaticallyreportsspoofed
addressesviaSyslog.Thiscanbe
enabledglobally,orper‐interface.
portscan EnablesUDPandTCPportscanprotection.Thiscanonlybeenabled
globally.
To Next Page
Loading...
