Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
ACS Rulebase Configuration Mode Commands
firewall dos-protection ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
firewall dos-protection
This command configures protection for subscribers from Denial-of-Service (DoS) attacks.
Important:
In StarOS 8.0, this command is available in the ACS Configuration Mode. In StarOS 8.1 and StarOS
8.3, use this command for Rulebase-based Firewall-and-NAT configuration. In StarOS 8.1 and StarOS 9.0 and later, for
Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Product
FW
Privilege
Security Administrator, Administrator
Syntax
Disables protection for subscribers from all or specified DoS attack(s).
Disables protection from all DOS attacks.
Enables protection against all DoS attacks supported by the Stateful Firewall service.
Enables protection against specified flooding attacks:
: Enables protection against ICMP Flood attacks
: Enables protection against TCP Syn Flood attacks
: Enables protection against UDP Flood attacks
Enables protection against FTP Bounce attacks.
In an FTP Bounce attack, an attacker is able to use the PORT command to request access to ports indirectly
through a user system as an agent for the request. This technique is used to port scan hosts discreetly, and to
access specific ports that the attacker cannot access through a direct connection.
In an FTP Bounce attack, an attacker is able to use the PORT command to request access to ports indirectly
through a user system as an agent for the request. This technique is used to port scan hosts discreetly, and to
access specific ports that the attacker cannot access through a direct connection.
Enables protection against IP Unaligned Timestamp attacks.