Hostdos – Enterasys Networks X-Pedition XSR CLI User Manual

General Security Commands

XSR CLI Reference Guide 16-89

Syntax of the “no” Form

Threshold logging is disabled with the no form of this command:

no access-list log-update-threshold

Mode

Global configuration: 

XSR(config)#

Default

Disabled

Example

The following example enables alarm logging for ACL 101 and sets the log threshold at 10000:

XSR(config)#access-list 101 deny ip 15.15.15.1 0.0.0.255 16.16.16.1 0.0.0.255 log

XSR(config)#access-list log-update-threshold 10000

hostdos

This command enables host security protection against various DoS attacks via source IP address 
validation.

Syntax

hostdos {land | fragmicmp | largeicmp [size] | checkspoof}

Syntax of the “no” Form

The no form disables the specified security feature:

no hostdos {land | fragmicmp | largeicmp [size] | checkspoof}

Mode

Global configuration: 

XSR(config)#

Defaults

•

Disabled

•

Size: 1024

Note: Performing source address validation can improve security in some situations but can
erroneously discard valid packets in situations where inbound and outbound paths differ and will
negatively impact some routing protocols.

land

Enables land attack protection.

fragmicmp

Enables fragmented ICMP packets protection.

largeicmp

Enables large ICMP packets protection.

size

Packet size above which protection starts, ranging from 1 to 65535.

checkspoof

Enables spoofed address checking.