Cisco Cisco Packet Data Gateway (PDG)
winnuke
Enables protection against WIN-NUKE attacks.
This is a type of Nuke denial-of-service attack against networks consisting of fragmented or otherwise invalid
ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data,
thus slowing down the affected computer until it comes to a complete stop.
ICMP packets sent to the target, achieved by using a modified ping utility to repeatedly send this corrupt data,
thus slowing down the affected computer until it comes to a complete stop.
The WinNuke exploits the vulnerability in the NetBIOS handler and a string of out-of-band data sent to TCP
port 139 of the victim machine causing it to lock up and display a Blue Screen of Death.
port 139 of the victim machine causing it to lock up and display a Blue Screen of Death.
Usage Guidelines
Use this command to enable Stateful Firewall protection from different types of DoS attacks. This command
can be used multiple times for different DoS attacks.
can be used multiple times for different DoS attacks.
The DoS attacks are detected only in the downlink direction.
Important
Examples
The following command enables Stateful Firewall protection from all supported DoS attacks:
firewall dos-protection all
firewall dos-protection all
Command Line Interface Reference, Modes A - B, StarOS Release 19
651
ACS Rulebase Configuration Mode Commands
firewall dos-protection