DOS ATTACK PREVENTION COMMANDS
The DoS commands in the Command Line Interface (CLI) are listed (along with the appropriate
parameters) in the following table.
Command Parameter
config dos_prevention
[dos_type {land_attack state [ enable | disable ] | blat_attack state [ enable |
disable ] | tcp_null_scan state [ enable | disable ] | tcp_xmascan state [ enable |
disable ] | tcp_synfin state [ enable | disable ] | tcp_syn_srcport_less_1024 state
[ enable | disable ] | ping_death_attack state [ enable | disable ]} (1) | all state
[ enable | disable ]]
show dos_prevention
{land_attack | blat_attack | tcp_null_scan | tcp_xmascan | tcp_synfin |
tcp_syn_srcport_less_1024 | ping_death_attack }
Each command is listed in detail, as follows:
config dos_prevention
Purpose To prevent the DoS attack on the Switch.
Syntax
config dos_prevention [dos_type {land_attack state [ enable |
disable ] | blat_attack state [ enable | disable ] | tcp_null_scan
state [ enable | disable ] | tcp_xmascan state [ enable | disable ]
| tcp_synfin state [ enable | disable ] |
tcp_syn_srcport_less_1024 state [ enable | disable ] |
ping_death_attack state [ enable | disable ]} (1) | all state
[ enable | disable ]]
Description This command configures the prevention of each DoS attack. The
packet matching will be done by hardware. For a specific type of
attack, the content of the packet will be matched against a specific
pattern.
Parameters
dos_type –The type of DoS attack. Possible values are as follows:
land_attack, blat_attack, tcp_null_scan, tcp_xmascan, tcp_synfin,
tcp_syn_srcport_less_1024, ping_death_attack.
state [enable | disable] – enable and disable DoS attack prevention
on the Switch.
Restrictions Only administrator-level users can issue this command.
159
To Next Page
Loading...
Need help?
General
