Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

1000

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

14

no ip tcp

[adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-state-syn|va

lidate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number]

snork

Optional. Disables snork attack checks
This attack causes a remote Windows™ NT to consume 100% of the CPU’s resources. This attack
uses a UDP packtet with a destination port of 135 and a source port of 7, 9, or 135. This attack can
also be exploited as a bandwidth consuming attack.

tcp-bad-sequence

Optional. Disables tcp-bad-sequence checks
This DoS attack uses a specially crafted TCP packet to cause the targeted device to drop all
subsequent network of a specific TCP connection. Disables tcp-bad-sequence check.

tcp-fin-scan

Optional. Disables TCP FIN scan checks
A FIN scan finds services on ports. A closed port returns a RST. This allows the attacker to identify
open ports

tcp-intercept

Optional. Disables TCP intercept attack checks
Prevents TCP intercept attacks by using TCP SYN cookies

tcp-null-scan

Optional. Disables TCP Null scan checks
A TCP null scan finds services on ports. A closed port returns a RST. This allows the attacker to
identify open ports

tcp-post-syn

Optional. Disables TCP post SYN DoS attack checks

tcp-sequence-past-window

Optional. Disables TCP SEQUENCE PAST WINDOW DoS attack checks
Disable this check to work around a bug in Windows XP's TCP stack which sends data past the
window when conducting a selective ACK.

tcp-xmas-scan

Optional. Disables TCP XMAS scan checks
A TCP XMAS scan finds services on ports. A closed port returns a RST. This allows the attacker to
identify open ports

tcphdrfrag

Optional. Disables TCP header checks
A DoS attack where the TCP header spans IP fragments

twinge

Optional. Disables twinge attack checks
A twinge attack is a flood of false ICMP packets to try and slow down a system

udp-short-hdr

Optional. Disables UDP short header checks
Enables the identification of truncated UDP headers and UDP header length fields

winnuke

Optional. Disables Winnuke checks
This DoS attack is specific to Windows™ 95 and Windows™ NT, causing devices to crash with a blue
screen

no ip

Disables IP DoS events

tcp

Identifies and disables TCP events and configuration items

adjust-mss

Disables the adjust MSS configuration

optimize-unnecessary-resend
s

Disables the validation of unnecessary TCP packets

recreate-flow-on-out-of-state-
sync

Disallows a TCP SYN packet to delete an old flow in TCP_FIN_FIN_STATE, and TCP_CLOSED_STATE states
and create a new flow

validate-icpm-unreachable

Disables the sequence number validation in ICMP unreachable error packets

validate-rst-ack-number

Disables the acknowledgment number validation in RST packets

validate-rst-seq-number

Disables the sequence number validation in RST packets