Ip firewall sync-attack-protect – Enterasys Networks X-Pedition XSR CLI User Manual
Firewall Interface Commands
16-132 Configuring Security
no ip firewall ip-options {loose-source-route | strict-source-route | record-route | time-stamp | other | all} {in | out | both}
Default
IP options are not allowed inbound and outbound.
Mode
Interface configuration:
XSR(config-if
Example
The following example sets loose source routing on both incoming and outgoing packets at F2:
XSR(config-if
ip firewall sync-attack-protect
The SYNC attack monitor/blocker isolates a host that floods the XSR's firewall with SYNC (TCP SYN) packets and blocks SYNC traffic from that specific host, while allowing its data packets to pass.
Syntax
ip firewall sync-attack-protect {block-host | check-host | sync-queue} threshold [threshold]
Syntax of the “no” Form
The no form of this command disables the function:
no ip firewall sync-attack-protect {block-host | check-host | sync-queue} threshold
Mode
Interface configuration:
XSR(config-if
block-host
Blocks a host when its sync packet rate exceeds this value (sync packets/sec). The XSR can block up to 20 hosts at any given time. When a host is blocked, all sync packets to and from that host are dropped, while its other packets are allowed through. The XSR automatically unblocks the host when its sync packet rate stays at zero for 25 seconds.
Threshold range is 10 - 5,000; default is 100.
check-host
Starts monitoring the sync packet rate of each host in a Class C subnet when the sync packet rate of that subnet exceeds this value. The XSR can monitor up to 3,000 Class C subnets.
Threshold range is 10 - 5,000; default is 100.
sync-queue
Initiates sync attack protection when the sync backlog queue exceeds this value.
Range is 50 to 5,000; default is 500.
threshold
The limit at which the selected parameter (block-host, check-host or sync-queue) takes effect.
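The following is an added model of the monitor/blocker behaviour described above, written for illustration and not Enterasys code: per-second SYN counts drive the check-host (per Class C subnet) and block-host (per host) thresholds, at most 20 hosts are blocked at once, and a blocked host is released after 25 consecutive seconds with no SYN traffic. The class name, the one-second tick and the sample addresses are assumptions.

```python
from collections import Counter
import ipaddress

MAX_BLOCKED_HOSTS = 20        # documented XSR limit
MAX_WATCHED_SUBNETS = 3000    # documented XSR limit
UNBLOCK_IDLE_SECONDS = 25     # release after 25 s with a zero SYN rate


class SyncAttackProtect:
    """Hypothetical model of 'ip firewall sync-attack-protect' (not vendor code)."""

    def __init__(self, check_host=100, block_host=100):
        self.check_host = check_host    # per-/24 SYN/s that starts host monitoring
        self.block_host = block_host    # per-host SYN/s that blocks the host
        self.watched = set()            # /24 subnets under per-host monitoring
        self.blocked = {}               # host -> consecutive idle seconds
        self.subnet_syn = Counter()     # SYNs seen this second, per /24
        self.host_syn = Counter()       # SYNs seen this second, per monitored host

    def syn(self, src):
        """Account one inbound SYN from src; True = forwarded, False = dropped."""
        net = ipaddress.ip_network(f"{src}/24", strict=False)
        if src in self.blocked:
            self.host_syn[src] += 1     # still counted, so the idle timer resets
            return False
        self.subnet_syn[net] += 1
        if net in self.watched:
            self.host_syn[src] += 1
        return True

    def tick(self):
        """Close a one-second interval: apply thresholds, then age out blocks."""
        for net, rate in self.subnet_syn.items():
            if rate > self.check_host and len(self.watched) < MAX_WATCHED_SUBNETS:
                self.watched.add(net)
        for host, rate in self.host_syn.items():
            if (host not in self.blocked and rate > self.block_host
                    and len(self.blocked) < MAX_BLOCKED_HOSTS):
                self.blocked[host] = 0
        for host in list(self.blocked):
            self.blocked[host] = 0 if self.host_syn[host] else self.blocked[host] + 1
            if self.blocked[host] >= UNBLOCK_IDLE_SECONDS:
                del self.blocked[host]
        self.subnet_syn.clear()
        self.host_syn.clear()

    def is_watched(self, host):
        return ipaddress.ip_network(f"{host}/24", strict=False) in self.watched

    def is_blocked(self, host):
        return host in self.blocked
```

Per-host monitoring only begins in the interval after the subnet crosses the check-host threshold, so a flooding host is blocked from the second interval onward while a low-rate neighbour in the same /24 is never touched.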