для Cisco Cisco Packet Data Gateway (PDG)
ACS Configuration Mode Commands
▀ firewall dos-protection ip-sweep
▄ Command Line Interface Reference, StarOS Release 16
462
firewall dos-protection ip-sweep
This command is configured to detect Source IP-based flooding attacks in the uplink direction.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-acs)#
Syntax
firewall dos-protection ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-
pool hostpool_name } packet limit packet_limit | downlink-server-limit server_limit |
inactivity-timeout timeout | sample-interval interval }
pool hostpool_name } packet limit packet_limit | downlink-server-limit server_limit |
inactivity-timeout timeout | sample-interval interval }
default firewall dos-protection ip-sweep { downlink-server-limit | icmp | inactivity-
timeout | sample-interval | tcp-syn | udp }
timeout | sample-interval | tcp-syn | udp }
no firewall dos-protection ip-sweep { icmp | tcp-syn | udp }
default
Disables Stateful Firewall protection for subscribers against all DoS attacks.
no
Disables Stateful Firewall protection for subscribers against the specified Denial of Service (DoS) attack(s).
ip-sweep { icmp | tcp-syn | udp } protect-servers { all | host-pool hostpool_name
Enables protection against the specified flooding attack:
icmp
: Enables source IP-based flood attack detection for ICMP.
tcp-syn
: Enables source IP-based flood attack detection for TCP-SYN.
udp
: Enables source IP-based flood attack detection for UDP.
all
: Enables protection for all the servers.
host-pool hostpool_name
: Specifies the name of the host pool.
hostpool_name
must be an
alphanumeric string of 1 through 63 characters.
packet limit packet_limit
Specifies the maximum number of packets allowed during a sampling interval for uplink and downlink.
packet_limit
must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.