Security-Suite Dos Syn-Attack - Cisco 300 Series Cli Manual
Small business 300 series managed switches
command line interface guide release 1.3
Hide thumbs
Also See for 300 Series:
- Cli manual (1117 pages) ,
- Administration manual (586 pages) ,
- Quick start manual (72 pages)
Table of Contents
Advertisement
50
842
Example
The following example protects the system from the Invasor Trojan DOS attack.
switchxxxxxx(config)#
50.3
security-suite dos syn-attack
Use the security-suite dos syn-attack Interface Configuration mode command to
rate limit Denial of Service (DoS) SYN attacks. This provides partial blocking of
SNY packets (up to the rate that the user specifies).
Use the no form of this command to disable rate limiting.
Syntax
security-suite dos syn-attack
no security-suite dos syn-attack {
Parameters
•
syn-rate—Specifies the maximum number of connections per second.
(Range: 199–1000)
•
any | ip-address—Specifies the destination IP address. Use any to specify
all IP addresses.
•
mask—Specifies the network mask of the destination IP address.
•
prefix-length—Specifies the number of bits that comprise the destination IP
address prefix. The prefix length must be preceded by a forward slash (/).
Default Configuration
No rate limit is configured.
If ip-address is unspecified, the default is 255.255.255.255
If prefix-length is unspecified, the default is 32.
Command Mode
Interface Configuration (Ethernet, Port-channel) mode
security-suite dos protect add invasor-trojan
syn-rate
any | ip-address
{
any | ip-address
78-21075-01 Command Line Interface Reference Guide
Denial of Service (DoS) Commands
mask
prefix-length
} {
| /
mask
prefix-length
} {
| /
}
}
Advertisement
Table of Contents
