Cisco ASR 5700
ACS Configuration Mode Commands
firewall port-scan
Command Line Interface Reference, StarOS Release 17
tcp: Specifies response timeout for TCP. response_timeout must be an integer from 1 through 30.
udp: Specifies response timeout for UDP. response_timeout must be an integer from 1 through 60.
Default: 3 seconds
scanner-policy { block inactivity-timeout inactivity_timeout | log-only }
Specifies how to treat packets from a source address that has been detected as a scanner.
block inactivity-timeout inactivity_timeout: Blocks any subsequent traffic from the scanner. If the scanner is found to be inactive for the inactivity-timeout period, then the scanner is no longer blocked, and traffic is allowed.
inactivity_timeout specifies the scanner inactivity timeout period, in seconds, and must be an integer from 1 through 4294967295.
log-only: Logs scanner information without blocking scanner traffic.
Default: log-only
Usage
Use this command to configure the Stateful Firewall Port Scan Detection algorithm enabled by the firewall dos-protection port-scan CLI command.
This protection tracks all uplink source addresses, and the packets they initiate towards all subscribers that have this protection enabled.
Example
The following command configures the Stateful Firewall Port Scan inactivity timeout setting to 900 seconds:
firewall port-scan inactivity-timeout 900
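
An added example (not Cisco code and not part of this reference): a small Python model of the two scanner-policy settings described above, showing that block is lifted only after the source has been quiet for the full inactivity-timeout, while log-only never drops traffic. It assumes that any packet from a blocked source counts as activity and restarts the timer, which the page does not state; ScannerPolicy, mark_scanner, on_packet and replay are hypothetical names, and the address is a constructed sample.

```python
# Added illustration: a toy model of the two scanner-policy settings.
# Assumption (not stated on the page): any packet from a blocked source
# counts as activity and restarts its inactivity timer.

MAX_TIMEOUT = 4294967295  # upper bound for inactivity_timeout given on the page


class ScannerPolicy:
    def __init__(self, mode="log-only", inactivity_timeout=None):
        if mode not in ("log-only", "block"):
            raise ValueError("mode must be 'log-only' or 'block'")
        if mode == "block" and not (
            isinstance(inactivity_timeout, int) and 1 <= inactivity_timeout <= MAX_TIMEOUT
        ):
            raise ValueError("inactivity_timeout must be an integer from 1 through 4294967295")
        self.mode = mode
        self.timeout = inactivity_timeout
        self.last_seen = {}   # scanner source address -> time of its last packet
        self.log = []         # (time, source, event) records

    def mark_scanner(self, src, now):
        """Called when detection (not modelled here) flags src as a scanner."""
        self.last_seen[src] = now
        self.log.append((now, src, "detected"))

    def on_packet(self, src, now):
        """Return 'allow' or 'drop' for a packet from src at time now (seconds)."""
        if src not in self.last_seen:
            return "allow"
        if self.mode == "log-only":
            self.log.append((now, src, "allow"))
            return "allow"
        if now - self.last_seen[src] >= self.timeout:
            del self.last_seen[src]          # quiet long enough: block lifted
            return "allow"
        self.last_seen[src] = now            # still active: block continues
        self.log.append((now, src, "drop"))
        return "drop"


def replay(policy, src, detect_at, packet_times):
    """Mark src as a scanner at detect_at, then return the verdict per packet."""
    policy.mark_scanner(src, detect_at)
    return [policy.on_packet(src, t) for t in packet_times]


if __name__ == "__main__":
    print(replay(ScannerPolicy("block", 900), "198.51.100.7", 0, [100, 800, 1600, 2600]))
```
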