Digital Data Communications Level One GTL-2091 매뉴얼 - 페이지 4
{카테고리_이름} Digital Data Communications Level One GTL-2091에 대한 매뉴얼을 온라인으로 검색하거나 PDF를 다운로드하세요. Digital Data Communications Level One GTL-2091 5 페이지. Stp optional characteristic configuration commands
Digital Data Communications Level One GTL-2091에 대해서도 마찬가지입니다: 매뉴얼 (14 페이지), 매뉴얼 (6 페이지), 매뉴얼 (18 페이지), 매뉴얼 (9 페이지)
페이지 인쇄The DoS ICMP sub-function can drop the following two kinds of packets: 1.
ICMPv4/v6 ping packets whose size is larger than icmp-value; 2. ICMP packets.
The DoS l4port sun-function can drop those TCP/UDP packets whose source port
is equal to the destination port.
The DoS MAC sub-function can drop those packets whose source MACs are equal
to destination MACs.
The DoS tcpflags sub-function can drop the following 4 kinds of TCP packets: 1.
TCP SYN flag=1 & source port<1024; 2.TCP control flags = 0 & sequence = 0;
3.TCP FIN URG PSH =1 & sequence = 0; 4.TCP FIN SYN =1.
The DoS tcpfrag sub-function can drop the following two kinds of TCP packets: 1.
The TCP header is smaller than the first TCP fragment of tcpfrag-value; 2. TCP
fragments whose offset values are 1.
Example
The following example shows how to set the global DoS attack prevention function
to prevent those IP packets whose source IPs are destination IP addresses.
Console_config#dos enable ip
The following example shows how to set DoS attack prevention in global mode to
prevent those packets whose maximum ICMP length is bigger than 255.
Console_config#dos enable icmp 255
1.1.2
show dos
Syntax
show dos
It is used to show all DoS attack prevention functions that users have set.
Parameter
N/A
Default value
N/A
Remarks
EXEC mode
Example
The following example shows how to display all DoS attack prevention functions.
Console_config#dos enable all
Console_config#show dos
dos enable ip
dos enable ipv4firstfrag
dos enable tcpflags
dos enable l4port
dos enable mac
dos enable tcpfrag
http://www.level1.com
DoS Attack Prevention Configuration Commands
-4-