Digital Data Communications Level One GTL-2091 Manuale - Pagina 3

Sfoglia online o scarica il pdf Manuale per Interruttore Digital Data Communications Level One GTL-2091. Digital Data Communications Level One GTL-2091 5. Stp optional characteristic configuration commands
Anche per Digital Data Communications Level One GTL-2091: Manuale (14 pagine), Manuale (6 pagine), Manuale (18 pagine), Manuale (9 pagine)

Stampa la pagina

Chapter 1 DoS Attack Prevention Configuration

1.1 DoS-Attack Prevention Configuration Commands

DoS attack prevention configuration commands are shown below:



dos enable



show dos

1.1.1

dos enable

Syntax

dos enable {all | icmp icmp-value | ip | ipv4firstfrag | l4port | mac | tcpflags |

tcpfrag tcpfrag-value}

no dos enable {all | icmp | ip | ipv4firstfrag | l4port | mac | tcpflags | tcpfrag}

Parameter

all

icmp icmp-value

ipv4firstfrag

l4port

mac

tcpflags

tcpfrag tcpfrag-value

Default value

DoS attack prevention is disabled by default.

Remarks

DoS attack prevention is configured in global mode.

The DoS IP sub-function can drop those IP packets whose source IPs are equal to

the destination IPs.

http://www.level1.com

DoS Attack Prevention Configuration Commands

Commands

Enables to prevent all kinds of DoS attacks.

Prevents the ICMP DoS attacks. Here, the icmp-value

parameter means the maximum length of ICMP packet, whose

default value is 512.

Prevents those DoS attack packets whose source IP addresses

are equal to the destination IP addresses.

Starts to check the first fragment of IP packet.

Starts to check the L4 packets whose source port is equal to the

destination port.

Starts to check those packets whose source MACs are equal to

destination MACs.

Starts to check the TCP packets with illegal flags.

Starts to check the DoS attack packet of TCP fragment. Here,

the tcpfrag-value parameter means the minimum TCP header,

whose default value is 20.

-3-

Description