Cisco Cisco Packet Data Gateway (PDG)
Firewall-and-NAT Policy Configuration Mode Commands
firewall dos-protection ▀
Command Line Interface Reference, StarOS Release 17 ▄
5059
tcp-window-containment
Enables protection against TCP sequence number out-of-range attacks.
source-router
Enables protection against IPv4/IPv6 Source Route IP Option attacks.
This command can be used to filter IPv4/IPv6 packets containing Routing header of Type 0 (source routing).
In this release, only type 0 filtering is supported.
This command can be used to filter IPv4/IPv6 packets containing Routing header of Type 0 (source routing).
In this release, only type 0 filtering is supported.
teardrop
Enables protection against IPv4/IPv6 Teardrop attacks.
winnuke
Enables protection against WIN-NUKE attacks.
Usage
Use this command to enable Stateful Firewall protection from different types of DoS attacks. This command
can be used multiple times for different DoS attacks.
can be used multiple times for different DoS attacks.
Important:
DoS attacks are detected only in the downlink direction.
Example
The following command enables protection from all supported DoS attacks:
firewall dos-protection all