suspicious-control-flow-detection off
■ Use to turn off the suspicious control flow detection.
■ Example
host1(config)#suspicious-control-flow-detection off
■ Use the no version to turn on suspicious control flow detection, which is the
default.
■ See suspicious-control-flow-detection off.
suspicious-control-flow-detection protocol backoff-time
■ Use to set the backoff time in seconds for a specific protocol that triggers the
suspicious flow to return to a nonsuspicious state.
■ When set to zero, a suspicious control flow for a protocol does not return to a
nonsuspicious state using a time mechanism.
■ Example
host1(config)#suspicious-control-flow-detection protocol iposi backoff-time 300
■ Use the no version to restore the defaults for the protocol, 300 seconds.
■ See suspicious-control-flow-detection protocol backoff-time.
suspicious-control-flow-detection protocol low-threshold
■ Use to set a threshold for a specific protocol; if the flow rate falls below this rate,
a suspicious flow changes to the nonsuspicious state.
■ Low threshold is the rate in packets per second at which a suspicious flow
becomes no longer suspicious.
■ When set to zero, a suspicious flow cannot change to the nonsuspicious state by
means of a low threshold rate. To clear this flow, you must use the clear
suspicious-control-flow-detection command.
■ Example
host1(config)#suspicious-control-flow-detection protocol iposi low-threshold 512
■ Use the no version to restore the defaults for the protocol.
■ See suspicious-control-flow-detection protocol low-threshold.
suspicious-control-flow-detection protocol threshold
■ Use to set the threshold in packets per second for a specific protocol, which
triggers the flow to become a suspicious flow.
■ When set to zero, a suspicious flow cannot change to the nonsuspicious state
via a threshold rate.
■ Example
host1(config)#suspicious-control-flow-detection protocol iposi threshold 1024
Denial of Service (DoS) Protection ■ 455
Chapter 7: Passwords and Security
To Next Page
Loading...