EasyManuals Logo
Home>ELTEX>Switch>MES1000

ELTEX MES1000 User Manual

ELTEX MES1000
231 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #206 background imageLoading...
Page #206 background image
206 MES1000, MES2000 Ethernet Switches
absolute end hh:mm day month year
year: 2000..2097
Set the absolute time and date of the access list expiration.
no absolute end
Remove the time limit. If the time and date of the access list
expiration are not defined, the access list will be active for
the indefinite time period.
periodic day_of_the_week hh:mm to
day_of_the_week hh:mm
day-of-the-week:
Monday,
Tuesday, Wednesday,
Thursday, Friday,
Saturday, Sunday
hh:mm: (0..23):(0..5)
Set the time and day of the week, when the access list is
active.
periodic list hh:mm to hh:mm
day_of_the_week1
[day_of_the_week2…
day_of_the_week7]
periodic list hh:mm to hh:mm all
no periodic day_of_the_week hh:mm
to day_of_the_week hh:mm
Remove the time limit.
no periodic list hh:mm to hh:mm
day_of_the_week 1
[day_of_the_week2…
day_of_the_week7]
no periodic list all hh:mm to hh:mm all
5.32 Configuration of Protection from DoS Attacks
This type of commands provides means for blocking some widely spread types of DoS attacks.
Global Configuration Mode Commands
Command line in the global configuration mode appears as follows:
console (config)#
Table 5.249Configuration commands for protection from DoS attacks
Parameter
Value
Action
security-suite deny
martian-addresses
{reserved|add ip_address
|remove ip_address }
ip_address: IP address
Denies frames with invalid (Martian) IP source addresses
(loopback, broadcast, multicast).
- ip_addressvalid IP address
security-suite dos protect
{add|remove}
{stacheldraht|
invasor-trojan|
back-orifice-trojan}
-
Denies/permits certain types of traffic which are often used by
malware:
- stacheldrahtfilters out TCP packets with source port 16660;
- invasor-trojanfilters out TCP packets with destination port
2140 and source port 2140;
- back-orifice-trojanfilters out UDP packets with destination
port 31337 and source port 1024.
security-suite enable
-
Enables the security-suite command class.
no security-suite enable
Disables the security-suite command class.
Commands for Interface Configuration of Ethernet Interface and a Group of Ports
Command line in the interface configuration mode for Ethernet interface and a group of ports appears as
follows:
console (config-if)#
Table 5.250 Command for configuration of interface protection from DoS attacks
Command
Value
Action
security-suite deny
{fragmented|icmp|syn}
-
Creates/removes a rule denying traffic which fulfils criteria.
- fragmentedfragmented packets;

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ELTEX MES1000 and is the answer not in the manual?

ELTEX MES1000 Specifications

General IconGeneral
BrandELTEX
ModelMES1000
CategorySwitch
LanguageEnglish

Related product manuals