show hostdos

Use this command to display Host DoS configuration status or statistics.

Syntax

show hostdos [mitigation-type] [stats]

Parameters

mitigation-type (Optional) Specifies a DoS attack mitigation type display. Valid values are:
  • spoof - source-if is not this router interface
  • xmasTree - Inappropriate TCP flags
  • icmpFrag - ICMP with fragments specified
  • icmpFlood - ICMP rate
  • icmpSize - ICMP packet size
 
  • badSip - SIP==mcast or bcast
  • lanD - DIP==SIP
  • smurf - ICMP echo to directed broadcast
  • fraggle - UDP echo to directed broadcast
  • synFlood - SYN rate
  • portScan - Detect TCP/UDP Port Probes
  • tearDrop - Detect invalid overlapping IP fragments
stats (Optional) Specifies that all threat statistics should be displayed.

Defaults

  • If the mitigation-type is not specified and the stats option is specified, statistics for all mitigation-types are displayed.
  • If no option is specified, the configuration for all mitigation-types are displayed.

Mode

All command modes.

Examples

This example shows how to display Denial of Service configuration for this device. For details on how to set these parameters, refer to hostdos.

System(rw)->show hostDoS
show hostDos
hostDoS is globally enabled
arpNd      is enabled , logging is enabled
badSIP     is disabled, logging is enabled , rate is 0 per-second
fraggle    is disabled, logging is enabled , rate is 0 per-second
icmpFlood  is disabled, logging is enabled , rate is unlimited
icmpFrag   is disabled, logging is enabled , rate is 0 per-second
icmpSize   is disabled, logging is enabled , rate is 0 per-second
icmpSize   max-length is 1024
lanD       is enabled , logging is enabled , rate is 0 per-second
portScan   is disabled, logging is enabled , rate is 0 per-second
smurf      is disabled, logging is enabled , rate is 0 per-second
spoof      is disabled, logging is enabled , rate is 0 per-second
synFlood   is disabled, logging is enabled , rate is unlimited
xmasTree   is disabled, logging is enabled , rate is 0 per-second
System(rw)->

The following example displays statistics for each threat:

System(rw)->show hostDoS stats
 HostDos is globally Enabled
 ---------------------------------------------------------------------
 Threat       Ena     Violation    Last Occurrence
              ble Log   Count    Port       VLAN Date and Time
 ---------------------------------------------------------------------
 arpNd         Y   Y  0          N/A        N/A  N/A
 badSIP        N   Y  0          N/A        N/A  N/A
 fraggle       N   Y  0          N/A        N/A  N/A
 icmpFlood     N   Y  0          N/A        N/A  N/A
 icmpFrag      N   Y  0          N/A        N/A  N/A
 icmpSize      N   Y  0          N/A        N/A  N/A
 lanD          Y   Y  0          N/A        N/A  N/A
 portScan      N   Y  0          N/A        N/A  N/A
 smurf         N   Y  0          N/A        N/A  N/A
 spoof         N   Y  0          N/A        N/A  N/A
 synFlood      N   Y  0          N/A        N/A  N/A
 xmasTree      N   Y  0          N/A        N/A  N/A
System(rw)->