Dos-protection tcp-scan, Show dos-protection – LevelOne GTL-2691 User Manual
Page 970: Show dos-protection

CHAPTER 29 | General Security Measures
Denial of Service Protection
dos-protection tcp-scan
This command protects against DoS TCP-null-scan attacks, DoS TCP-SYN/
FIN-scan attacks, and DoS TCP-xmas-scan attacks. Use the no form to
disable this feature.
SYNTAX
[no] dos-protection tcp-scan
DEFAULT SETTING
Disabled
COMMAND MODE
Global Configuration
COMMAND USAGE
This command can be used to protect against the following types of DoS attacks:
◆ DoS TCP-null-scan attacks – A TCP NULL scan message is used to identify listening TCP ports. The scan uses a series of strangely configured TCP packets which contain a sequence number of 0 and no flags. If the target's TCP port is closed, the target replies with a TCP RST (reset) packet. If the target TCP port is open, it simply discards the TCP NULL scan.
◆ DoS TCP-SYN/FIN-scan attacks – A TCP SYN/FIN scan message is used to identify listening TCP ports. The scan uses a series of strangely configured TCP packets which contain SYN (synchronize) and FIN (finish) flags. If the target's TCP port is closed, the target replies with a TCP RST (reset) packet. If the target TCP port is open, it simply discards the TCP SYN FIN scan.
◆ DoS TCP-xmas-scan attacks – A so-called TCP XMAS scan message is used to identify listening TCP ports. This scan uses a series of strangely configured TCP packets which contain a sequence number of 0 and the URG, PSH and FIN flags. If the target's TCP port is closed, the target replies with a TCP RST packet. If the target TCP port is open, it simply discards the TCP XMAS scan.
EXAMPLE
Console(config)#dos-protection tcp-scan
Console(config)#
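The three packet signatures listed under Command Usage, written as a classifier for checking packet captures or lab test traffic (an added example, not part of the LevelOne manual or the switch firmware). The function and helper names are assumptions, the sample segments are constructed, and SYN/FIN is matched whenever both flags are set regardless of any others.

```python
import struct

# TCP flag bits in the low byte of header bytes 12-13 (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_MASK = 0x3F  # the six classic flags; ECN bits are ignored here


def classify_tcp_scan(segment: bytes):
    """Return 'null', 'syn-fin', 'xmas' or None for a raw TCP segment.

    Signatures follow the manual's wording, including its sequence number
    of 0 condition for the NULL and XMAS cases.
    """
    if len(segment) < 20:
        raise ValueError("truncated TCP header (need at least 20 bytes)")
    _sport, _dport, seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    flags = off_flags & FLAG_MASK
    if flags == 0 and seq == 0:
        return "null"
    if flags & SYN and flags & FIN:  # assumption: other flags may also be set
        return "syn-fin"
    if flags == (URG | PSH | FIN) and seq == 0:
        return "xmas"
    return None


def build_segment(flags, seq=0, sport=40000, dport=80):
    """Constructed sample: 20-byte TCP header, no options, no payload."""
    off_flags = (5 << 12) | flags  # data offset = 5 words
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0, off_flags, 1024, 0, 0)


# Constructed test traffic: the three signatures plus near misses.
SAMPLES = {
    "null scan": build_segment(0),
    "syn/fin scan": build_segment(SYN | FIN, seq=12345),
    "xmas scan": build_segment(URG | PSH | FIN),
    "normal SYN": build_segment(SYN, seq=1),
    "no flags, seq != 0": build_segment(0, seq=7),
    "URG/PSH/FIN, seq != 0": build_segment(URG | PSH | FIN, seq=9),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(f"{name:24} -> {classify_tcp_scan(seg)}")
```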
show dos-protection
This command shows the configuration settings for the DoS protection
commands.
COMMAND MODE
Privileged Exec