Filter and Firewall
Left running head:
Chapter name (automatic)
680
Beta
Beta
CLI Configuration Guide
Alcatel-Lucent
The following attacks are the Default attacks (Rate Limiting attacks, which
includes both Stateful and Stateless attacks):
tcp_header_frag - -
udp_header_frag - -
tcp_fin_scan - -
tcp_syn_flood 100 1000 5
icmp_ping_flood 100 1000
icmp_dest_unrch_storm 10 1000
icmp_ip_address_sweep 100 1000
port_scan 5 1000
udp_flood 200 1000
udp-port-loopback 10 1000
ip-tear-drop - -
ip-tiny-frag 50 64
icmp-ping-of-death 50 65507
ip-zero-length - -
ip-land-attack - -
tcp-xmas-scan - -
tcp_-invalid-urgent-offset - -
tcp-null-scan - -
tcp-syn-fin - -
tcp-fin-no-ack - -
udp-fraggle-attack - -
You can create a “
default
” attack setting to check only the stateless attacks by
using the keyword “
default stateless
”.
The following attacks are the Default Stateless (Default Non-Rate Limiting)
attacks:
ip-tear-drop - -
ip-tiny-frag 50 64
icmp-ping-of-death 50 65507
ip-zero-length - -
ip-land-attack - -
tcp-xmas-scan - -
tcp_-invalid-urgent-offset - -
tcp-null-scan - -
tcp-syn-fin - -
tcp-fin-no-ack - -
udp-fraggle-attack - -
Note:
Some of the fragmentation attacks, in particular teardrop attack, tiny fragment attack,
and TCP header fragment attacks are detected by the fragment handling code even if
the corresponding attacks have not been configured. This will happen for any traffic
that is subject to any firewall configuration, i.e., either filter, NAT or DoS configuration.
This is why you can see these attacks in the “
show
” output even when you have not
configured them.
Summary of Contents for OmniAccess 700
Page 38: ...Left running head Chapter name automatic 12 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 176: ...Left running head Chapter name automatic 150 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 260: ...Left running head Chapter name automatic 234 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 434: ...Left running head Chapter name automatic 408 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 464: ...Left running head Chapter name automatic 438 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 638: ...Left running head Chapter name automatic 612 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 940: ...Left running head Chapter name automatic 914 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 1002: ...Left running head Chapter name automatic 976 Beta Beta CLI Configuration Guide Alcatel Lucent ...
Page 1120: ...Left running head Chapter name automatic 2 Beta Beta CLI Configuration Guide Alcatel Lucent ...