Denial of Service (DoS) Commands
OL-32830-01 Command Line Interface Reference Guide 370
16
16.6 security-suite dos protect
To protect the system from specific well-known Denial of Service (DoS) attacks,
use the security-suite dos protect Global Configuration mode command. There
are three types of attacks against which protection can be supplied (see
parameters below).
To disable DoS protection, use the no form of this command.
Syntax
security-suite dos protect
{add attack | remove attack
}
no security-suite dos protect
Parameters
add/remove
attack
—Specifies the attack type to add/remove. To add an attack is
to provide protection against it; to remove the attack is to remove protection.
The possible attack types are:
• stacheldraht—Discards TCP packets with source TCP port 16660.
• invasor-trojan—Discards TCP packets with destination TCP port 2140 and
source TCP port 1024.
• back-orifice-trojan—Discards UDP packets with destination UDP port
31337 and source UDP port 1024.
Default Configuration
No protection is configured.
Command Mode
Global Configuration mode
User Guidelines
For this command to work, show security-suite configuration must be enabled
globally.
Example
The following example protects the system from the Invasor Trojan DOS attack.
To Next Page
Loading...
Need help?
General