Configuration Guide DoS Protection Configuration
Display DoS Protection Status
Display Land attack protection status
To display Land attack protection status, run the following commands:
The example below shows how to display the Land attack protection status:
Ruijie# show ip deny land
DoS Protection Mode                   State
------------------------------------- -----
protect against land attack           On
Display invalid TCP message attack protection status
To display invalid TCP message attack protection status, run the following
commands:
The example below shows how to display the invalid TCP message attack protection
status:
Ruijie# show ip deny invalid-tcp
DoS Protection Mode                   State
------------------------------------- -----
protect against invalid tcp attack    On
Ingress Filtering for DoS Attack Protection
Overview
In recent years, the spread of DoS (Denial of Service) attack messages over the
Internet has caused considerable trouble for Internet users. There are many
kinds of DoS attacks, but the basic form uses valid service requests to occupy
excessive service resources, so that valid users are unable to get a service
response. The attack messages mostly disguise the source IP address to avoid
exposure.
To address this, RFC 2827 proposes setting up Ingress Filtering at the network
access point to prevent messages with a disguised source IP address from
entering the network. This approach emphasizes stopping attacks at an early
stage and overall prevention of DoS attacks, and gives satisfactory results.
Such filtering can also help ISPs and network administrators accurately locate
attackers using true and