Denial of Service Commands

Note

Note

Denial of Service (DataPlane) is supported on XGS-III and later platforms only.

This section describes the commands used to configure Denial of Service (DoS) Control. 200 Series software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block these types of attacks:

SIP = DIP Source IP address = Destination IP address
First Fragment TCP Header size smaller than configured value
TCP Fragment Allows the device to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size
TCP Flag TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set
L4 Port Source TCP/UDP Port = Destination TCP/UDP Port
ICMP Limiting the size of ICMP (Internet Control Message Protocol) Ping packets