Cisco Cisco Packet Data Gateway (PDG)
firewall dos-protection ip-sweep
This command is configured to detect Source IP-based flooding attacks in the uplink direction.
In StarOS 17.0 and later releases, the IPsweep feature is not enabled in the ACS Configuration mode, and
must be enabled in the Firewall-and-NAT Policy Configuration mode. Hence, this command is no longer
supported and left in place for backward compatibility.
must be enabled in the Firewall-and-NAT Policy Configuration mode. Hence, this command is no longer
supported and left in place for backward compatibility.
Important
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-acs)#
Syntax Description
firewall dos-protection ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name
} packet limit packet_limit | downlink-server-limit server_limit | inactivity-timeout timeout | sample-interval
interval }
default firewall dos-protection ip-sweep { downlink-server-limit | icmp | inactivity-timeout |
sample-interval | tcp-syn | udp }
no firewall dos-protection ip-sweep { icmp | tcp-syn | udp }
sample-interval | tcp-syn | udp }
no firewall dos-protection ip-sweep { icmp | tcp-syn | udp }
default
Disables Stateful Firewall protection for subscribers against all DoS attacks.
no
Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).
ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name
Enables protection against the specified flooding attack:
• icmp: Enables source IP-based flood attack detection for ICMP.
• tcp-syn: Enables source IP-based flood attack detection for TCP-SYN.
• udp: Enables source IP-based flood attack detection for UDP.
Command Line Interface Reference, Modes A - B, StarOS Release 19
396
ACS Configuration Mode Commands
firewall dos-protection ip-sweep