DGS-6604
mm
dos_prevention type
CLI Reference Guide
165
dos_prevention type
Use this command to enable/disable DoS prevention mechanism. The packet
matching and actions are handled by hardware. For each type of attack, the
device will match the specific pattern automatically.
dos_prevention type {
ATTACK-TYPES
}
no dos_preventioin type {
ATTACK-TYPES
}
Syntax Description
type
ATTACK-TYPES
Enables the DoS prevention mechanism for etiher a specified or all attacking
type. When using the no-form of this command, the specified or all types are
disabled.
land_attack
A LAND attack involves IP packets where the source and destination address
are set to the address of the target device. It may cause a target device to reply
to itself continuously.
blat_attack
This type of attack will send packets with TCP/UDP source ports equal to
destination ports of the target device. It may cause a target device to respond to
itself.
Caution
: use of the blat_attack type option results in suppression of RIP
advertisements being transmitted.
smurf_attack
An Attacker sends a large amount of ICMP request packets to an IP broadcast
address, the SIP of the attacking packets equals the victim's IP address. If a
router delivers traffic to the IP broadcast address, then all host in that IP network
will reply with ICMP packets to the victim’s IP address.
tcp_null_scan
Port scanning by using specific packets.
tcp_xmasscan
Port scanning by using specific packets.
tcp_synfin
Port scanning by using specific packets.
tcp_syn_srcport_less_1024
Port scanning by using specific packets.