DoS Attack Prevention Configuration Commands
http://www.level1.com
Chapter 1 DoS Attack Prevention Configuration Commands
1.1 DoS-Attack Prevention Configuration Commands
DoS attack prevention configuration commands are shown below:
dos enable
show dos
1.1.1 dos enable
Syntax
dos enable {all | icmp icmp-value | ip | ipv4firstfrag | l4port | mac | tcpflags | tcpfrag tcpfrag-value}
no dos enable {all | icmp | ip | ipv4firstfrag | l4port | mac | tcpflags | tcpfrag}
Parameter
Parameter              Description
all                    Enables prevention of all kinds of DoS attacks.
icmp icmp-value        Prevents ICMP DoS attacks. The icmp-value parameter is the
                       maximum length of an ICMP packet; its default value is 512.
ip                     Prevents DoS attack packets whose source IP address is
                       equal to the destination IP address.
ipv4firstfrag          Starts checking the first fragment of an IP packet.
l4port                 Starts checking L4 packets whose source port is equal to
                       the destination port.
mac                    Starts checking packets whose source MAC is equal to the
                       destination MAC.
tcpflags               Starts checking TCP packets with illegal flags.
tcpfrag tcpfrag-value  Starts checking for TCP fragment DoS attack packets. The
                       tcpfrag-value parameter is the minimum TCP header; its
                       default value is 20.
Default value
DoS attack prevention is disabled by default.
Remarks
DoS attack prevention is configured in global mode.
The DoS IP sub-function can drop those IP packets whose source IPs are equal to
the destination IPs.
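Added example (not from the Level1 manual or the switch firmware): a Python model of the match conditions the parameter table states, run over constructed frames, for reviewing which traffic meets a condition before the matching sub-function is enabled. NTP commonly uses port 123 as both source and destination, so the constructed NTP frame meets the l4port condition as documented. Assumptions: icmp-value is compared with the ICMP message length, tcpfrag means a first fragment carrying fewer TCP bytes than tcpfrag-value, and tcpflags and ipv4firstfrag are left out because the page does not define their rules; the helper names and sample frames are hypothetical.

```python
import struct

def dos_matches(frame, icmp_max=512, tcpfrag_min=20):
    """Names of the dos sub-functions whose documented condition this frame meets."""
    hits = []
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if src_mac == dst_mac:
        hits.append("mac")                      # source MAC equals destination MAC
    if ethertype != 0x0800:                     # model covers untagged IPv4 only
        return hits
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", ip[2:8])
    proto = ip[9]
    if ip[12:16] == ip[16:20]:
        hits.append("ip")                       # source IP equals destination IP
    l4 = ip[ihl:total_len]
    offset_zero = (frag & 0x1FFF) == 0          # unfragmented or first fragment
    # Assumption: icmp-value is compared with the ICMP message length.
    if proto == 1 and len(l4) > icmp_max:
        hits.append("icmp")
    if proto in (6, 17) and offset_zero and len(l4) >= 4:
        sport, dport = struct.unpack("!HH", l4[:4])
        if sport == dport:
            hits.append("l4port")               # source port equals destination port
    # Assumption: tcpfrag = first fragment (MF set) with fewer TCP bytes than tcpfrag-value.
    if proto == 6 and offset_zero and frag & 0x2000 and len(l4) < tcpfrag_min:
        hits.append("tcpfrag")
    return hits

def build(src_mac, dst_mac, src_ip, dst_ip, proto, l4, frag=0):
    """Constructed Ethernet/IPv4 frame for the samples (checksums left at zero)."""
    addr = lambda s: bytes(int(x) for x in s.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag, 64, proto, 0,
                     addr(src_ip), addr(dst_ip))
    return dst_mac + src_mac + b"\x08\x00" + ip + l4

A, B = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
udp = lambda sp, dp, n: struct.pack("!HHHH", sp, dp, 8 + n, 0) + bytes(n)
SAMPLES = {   # constructed traffic, documentation addresses (RFC 5737)
    "ntp_symmetric": build(A, B, "192.0.2.10", "192.0.2.20", 17, udp(123, 123, 48)),
    "dns_query":     build(A, B, "192.0.2.10", "192.0.2.20", 17, udp(53001, 53, 30)),
    "same_src_dst":  build(A, B, "192.0.2.10", "192.0.2.10", 17, udp(40000, 53, 8)),
    "big_ping":      build(A, B, "192.0.2.10", "192.0.2.20", 1, b"\x08\x00" + bytes(598)),
    "tiny_tcp_frag": build(A, B, "192.0.2.10", "192.0.2.20", 6,
                           struct.pack("!HHI", 40000, 80, 0), frag=0x2000),
}
if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:14} -> {dos_matches(frame) or 'no match'}")
```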