Command Guide of WGSW-28040
121
smurf-deny
: Smurf Attacks
smurf-netmask
: DoS information
syn-sportl1024-deny
: SYN packets with sport less than 1024
synfin-deny
: SYN and FIN bits set in the packet
synrst-deny
: SYNC and RST bits set in the packet
tcp-frag-off-min-check
: TCP fragment packet with offset equals to one
tcpblat-deny
: Source TCP port equals to destination TCP port
tcphdr-min-check
: Check minimum TCP header
tcphdr-min-length
: DoS information
udpblat-deny
: Source UDP port equals to destination UDP port
xma-deny
: Xmascan: sequence number is zero and the FIN, URG and PSH bits are set
Example:
This example shows how to disable synfin-deny and smurf with netmask length 30.
Switch(config)#
no dos synfin-deny
Switch(config)#
dos smurf-netmask 30
This example shows how to show current dos state on interface gi1
Switch#
show dos
Type | State (Length)
----------------------------+-----------------------
DMAC equal to SMAC | enabled
Land (DIP = SIP) | enabled
UDP Blat (DPORT = SPORT) | enabled
TCP Blat (DPORT = SPORT) | enabled
POD (Ping of Death) | enabled
IPv6 Min Fragment Size | enabled (1240 Bytes)
ICMP Fragment Packets | enabled
IPv4 Ping Max Packet Size | enabled (512 Bytes)
IPv6 Ping Max Packet Size | enabled (512 Bytes)
Smurf Attack | enabled (Netmask Length: 30)
TCP Min Header Length | enabled (20 Bytes)
TCP Syn (SPORT < 1024) | disabled
Null Scan Attack | enabled
X-Mas Scan Attack | enabled
TCP SYN-FIN Attack | enabled
TCP SYN-RST Attack | enabled
Содержание WGSW-28040
Страница 1: ...Command Guide of WGSW 28040 1 ...
Страница 163: ...Command Guide of WGSW 28040 163 gi1 replace gi2 deny gi3 deny gi4 deny gi5 deny More ...
Страница 167: ...Command Guide of WGSW 28040 167 gi1 1 00 11 22 33 44 55 192 168 1 55 255 255 255 255 Static NA ...
Страница 173: ...Command Guide of WGSW 28040 173 7 8 ...
Страница 300: ...Command Guide of WGSW 28040 300 fa1 enable 200 Off 10000 Off 10000 Shutdown ...