Enterasys Networks 1G58x-09 User Manual

Security Configuration Command Set

Configuring Denial of Service Prevention

14-100

Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide

Syntax Description

Command Syntax of the “no” Form

The “no” form of this command disables the specified security features:

no HostDos {land | fragmicmp | largeicmp size | checkspoof}

Command Type

Router command.

Command Mode

Global configuration: Matrix>Router(config)#

Command Defaults

None.

Example

This example shows how to enable land attack and large ICMP packets protection for packets larger
than 2000 bytes:

land

Enables land attack protection and automatically discards
illegal frames.

fragmicmp

Enables fragmented ICMP and Ping of Death packets
protection and automatically discards illegal frames.

largeicmp size

Enables large ICMP packets protection, specifies the
packet size above which the protection starts, and
automatically discards illegal frames. Valid packet size
values are 1 to 65535. The default is 1024.

checkspoof

Enables spoofed address checking and automatically
reports spoofed addresses via Syslog.

portscan

Enables port scan protection and automatically reports via
Syslog that port scanning is in progress.

Matrix>Router(config)#HostDos land

Matrix>Router(config)#HostDos largeicmp 2000