User guide
Firewall Firewall command reference
iMG/RG Software Reference Manual (IPNetwork Functions)
4-128
Description This command sets the DOS (Denial of Service) attack block duration Intrusion Detec-
tion Setting (IDS). A DOS attack is an attempt by an attacker to prevent legitimate users
from using a service. If a DOS attack is detected, all suspicious hosts are blocked for a
set time limit. This command allows you to specify the duration of the block time limit.
Note: This command is nothing but an alias of the corresponding “security set IDS” command
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> firewall set IDS DOSattackblock 800
See also security set IdS Dosattackblock
4.3.2.0.24 FIREWALL SET IDS MAXICMP
Syntax FIREWALL SET IDS MAXICMP <MAX>
Description This command sets the maximum number of ICMP packets per second that are allowed
before an ICMP Flood is detected. An ICMP Flood is a DOS (Denial of Service) attack.
An attacker tries to flood the network with ICMP packets in order to prevent transpor-
tation of legitimate network traffic. Once the maximum number of ICMP packets per
second is reached, an attempted ICMP Flood is detected.
Note: This command is nothing but an alias of the corresponding “security set IDS” command
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> firewall set IDS MaxICMP 200
See also security set IDS MaxICMP
Option Description Default Value
duration The length of time (in seconds) that suspicious hosts are
blocked for once a DOS attack attempt has been detected.
1800
(30 minutes)
Option Description Default Value
max The maximum number (per second) of ICMP packets that
are allowed before an ICMP Flood attempt is detected.
100