Ip firewall check winnuke – ADTRAN 1000R Series User Manual

Command Reference Guide

Global Configuration Mode Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

423

ip firewall check winnuke

Use the ip firewall check winnuke command to enable the AOS stateful inspection firewall to discard all
out of band (OOB) data (to protect against WinNuke attacks). Use the no form of this command to disable
this feature.

Syntax Description

No subcommands.

Default Values

All AOS security features are disabled by default until the ip firewall command is issued at the Global
Configuration prompt. Issuing the ip firewall command enables the WinNuke check.

Applicable Platforms

This command applies to the NetVanta 300, 1000R, 2000, 3000, 4000, and 5000 and Total Access 900
Series units.

Command History

Release 2.1

Command was introduced.

Functional Notes

WinNuke attack is a well-known denial of service attack on hosts running Microsoft Windows

®

operating

systems. An intruder sends out of band (OOB) data over an established connection to a Windows user.
Windows cannot properly handle the OOB data and the host reacts unpredictably. Normal shut-down of the
hosts will generally return all functionality. Using the ip firewall check winnuke command configures the
AOS stateful inspection firewall to filter all OOB data to prevent network problems.

Usage Examples

The following example enables the firewall to filter all OOB data:

(config)#ip firewall check winnuke

The AOS security features must be enabled (using the ip firewall command) for the stateful
inspection firewall to be activated.