Nortel 4134 Guia Do Utilizador
Configuring global properties
81
Table 13
Variable definitions
Variable definitions
Variable
Value
[no]
Disables bypass trusted.
Configuring global DOS protection
Configure global Denial of Service (DOS) protection to protect the network
against intrusion attempts such as SYN attacks, Win-nuke attacks, and IP
sequence number spoofing.
against intrusion attempts such as SYN attacks, Win-nuke attacks, and IP
sequence number spoofing.
By default, all DOS protection checks are disabled except for SYN flooding,
ICMP error, and DNS replay.
ICMP error, and DNS replay.
Procedure steps
Step
Action
1
To enter configuration mode, enter:
configure terminal
2
To specify global firewall configuration, enter:
firewall global
3
To specify global DOS protection configuration, enter:
dos-protect
4
To enable or disable desired DOS protection options, enter:
[no] <dos-protect-option>
—End—
Table 14
Variable definitions
Variable definitions
Variable
Value
enable-all
Enables/disables all DOS protect checks.
dns-replay-attack
Enables/disables DNS replay attack check.
A DNS replay attack occurs when an individual intercepts
traffic, analyzes the captured packets and obtains
authentication information. The individual can then use
this information to gain access to other systems by
reinserting the authenticated packets on the Internet and
replaying them.
A DNS replay attack occurs when an individual intercepts
traffic, analyzes the captured packets and obtains
authentication information. The individual can then use
this information to gain access to other systems by
reinserting the authenticated packets on the Internet and
replaying them.
<dos-protect-opt
ion>
ion>
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.