Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
53-1003098-01
ip dos {ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|invalid-protocol|ip-ttl-zero|ipsproof|land|option-route|router-advt|router-solicit|smurf|snork|tcp-bad-sequence|tcp-fin-scan|tcp-intercept|tcp-null-scan|tcp-post-scan|tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag|twinge|udp-short-hdr|winnuke} [drop-only]
alerts
Numerical severity 1. Indicates a condition where immediate action is required
critical
Numerical severity 2. Indicates a critical condition
errors
Numerical severity 3. Indicates an error condition
warnings
Numerical severity 4. Indicates a warning condition
notification
Numerical severity 5. Indicates a normal but significant condition
informational
Numerical severity 6. Indicates an informational condition
debugging
Numerical severity 7. Debugging messages
dos
Identifies IP events as DoS events
ascend
Optional. Enables an ASCEND DoS check. Ascend routers listen on UDP port 9 for packets from Ascend's
Java Configurator. Sending a formatted packet to this port can cause an Ascend router to crash.
broadcast-multicast-icmp
Optional. Detects broadcast or multicast ICMP packets as an attack
chargen
Optional. The Character Generation Protocol (chargen) is an IP suite service primarily used for testing and
debugging networks. It is also used as a source of generic payload for bandwidth and QoS measurements.
fraggle
Optional. Enables a Fraggle DoS check, which looks for UDP packets to or from port 7 or 19
ftp-bounce
Optional. An FTP bounce attack is a MIM attack that enables an attacker to open a port on a different
machine using FTP. FTP requires that when a connection is requested by a client on the FTP port (21),
another connection must open between the server and the client. To confirm, the PORT command has the
client specify an arbitrary destination machine and port for the data connection. This is exploited by the
attacker to gain access to a device that may not be the originating client.
invalid-protocol
Optional. Enables a check for invalid protocol number
ip-ttl-zero
Optional. Enables a check for the TCP/IP TTL field having a value of zero (0)
ipsproof
Optional. Enables a check for IP spoofing DoS attack
land
Optional. A Local Area Network Denial (LAND) is a DoS attack where IP packets are spoofed and sent to a
device where the source IP and destination IP of the packet are the target device’s IP, and similarly, the
source port and destination port are open ports on the same device. This causes the attacked device to
reply to itself continuously.
option-route
Optional. Enables an IP Option Record Route DoS check
router-advt
Optional. This is an attack where a default route entry is added remotely to a device. This route entry is
given preference, and thereby exposes an attack vector.
router-solicit
Optional. Router solicitation messages are sent to locate routers as a form of network scanning. This
information can then be used to attack a device.
smurf
Optional. In this attack, a large number of ICMP echo packets are sent with a spoofed source address.
This causes the device with the spoofed source address to be flooded with a large number of replies.
snork
Optional. This attack causes a remote Windows™ NT to consume 100% of the CPU’s resources. This
attack uses a UDP packet with a destination port of 135 and a source port of 7, 9, or 135. This attack
can also be exploited as a bandwidth consuming attack.
tcp-bad-sequence
Optional. A DoS attack that uses a specially crafted TCP packet to cause the targeted device to drop all
subsequent network traffic for a specific TCP connection
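The header-level conditions given above for the ascend, fraggle, ip-ttl-zero, land and snork checks can be written as a small classifier. This is an added Python example, not code from the controller or from this guide; Packet, classify and report are hypothetical names, the sample packets are constructed, and the ascend rule assumes a match on UDP destination port 9 only (the payload is not inspected).

```python
from __future__ import annotations
from dataclasses import dataclass

UDP, TCP = 17, 6  # IANA protocol numbers


@dataclass(frozen=True)
class Packet:  # hypothetical, simplified view of the IP/transport headers
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    ttl: int


def classify(p: Packet) -> list[str]:
    """Return the ip dos check names whose described condition the packet meets."""
    hits = []
    udp = p.proto == UDP
    if udp and p.dst_port == 9:
        hits.append("ascend")        # assumption: port match only
    if udp and {p.src_port, p.dst_port} & {7, 19}:
        hits.append("fraggle")       # UDP to or from port 7 or 19
    if p.ttl == 0:
        hits.append("ip-ttl-zero")   # TTL field is zero
    if p.src_ip == p.dst_ip:
        hits.append("land")          # source IP equals destination IP
    if udp and p.dst_port == 135 and p.src_port in (7, 9, 135):
        hits.append("snork")         # UDP to 135 from 7, 9 or 135
    return hits


# Constructed sample packets using documentation address ranges (RFC 5737)
SAMPLES = [
    Packet("192.0.2.10", "198.51.100.5", UDP, 40000, 9, 64),
    Packet("192.0.2.10", "198.51.100.5", UDP, 7, 135, 64),
    Packet("198.51.100.5", "198.51.100.5", TCP, 80, 80, 64),
    Packet("192.0.2.10", "198.51.100.5", TCP, 51000, 443, 0),
    Packet("192.0.2.10", "198.51.100.5", TCP, 51000, 443, 64),
]


def report() -> list[tuple[Packet, list[str]]]:
    return [(p, classify(p)) for p in SAMPLES]


if __name__ == "__main__":
    for pkt, hits in report():
        flow = f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
        print(flow, hits or ["no match"])
```

The second sample meets two descriptions at once: a UDP packet from port 7 to port 135 satisfies both the fraggle and the snork conditions.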