Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual

Brocade Mobility RFS Controller CLI Reference Guide 991
53-1003098-01
ip dos
{ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|invalid-protocol|
ip-ttl-zero|ipsproof|land|option-route|router-advt|router-solicit|smurf|snork|
tcp-bad-sequence|tcp-fin-scan|tcp-intercept|tcp-null-scan|tcp-post-scan|
tcp-sequence-past-window|tcp-xmas-scan|tcphdrfrag|twinge|udp-short-hdr|winnuke}
[drop-only]
alerts Numerical severity 1. Indicates a condition where immediate action is required
critical Numerical severity 2. Indicates a critical condition
errors Numerical severity 3. Indicates an error condition
warnings Numerical severity 4. Indicates a warning condition
notification Numerical severity 5. Indicates a normal but significant condition
informational Numerical severity 6. Indicates an informational condition
debugging Numerical severity 7. Debugging messages
dos Identifies IP events as DoS events
ascend Optional. Enables an ASCEND DoS check. Ascend routers listen on UDP port 9 for packets from Ascend's Java Configurator. Sending a formatted packet to this port can cause an Ascend router to crash.
broadcast-multicast-icmp Optional. Detects broadcast or multicast ICMP packets as an attack
chargen Optional. The Character Generation Protocol (chargen) is an IP suite service primarily used for testing and debugging networks. It is also used as a source of generic payload for bandwidth and QoS measurements.
fraggle Optional. A Fraggle DoS attack check looks for UDP packets to or from port 7 or 19
ftp-bounce Optional. An FTP bounce attack is a man-in-the-middle (MIM) attack that enables an attacker to open a port on a different machine using FTP. FTP requires that when a connection is requested by a client on the FTP port (21), another connection must open between the server and the client. To set this up, the PORT command has the client specify an arbitrary destination machine and port for the data connection. An attacker exploits this to gain access to a device that may not be the originating client.
invalid-protocol Optional. Enables a check for an invalid protocol number
ip-ttl-zero Optional. Enables a check for the TCP/IP TTL field having a value of zero (0)
ipsproof Optional. Enables a check for an IP spoofing DoS attack
land Optional. A Local Area Network Denial (LAND) attack is a DoS attack in which spoofed IP packets are sent to a device with the source IP and destination IP both set to the target device's IP, and the source port and destination port both set to an open port on the same device. This causes the attacked device to reply to itself continuously.
option-route Optional. Enables an IP Option Record Route DoS check
router-advt Optional. This is an attack where a default route entry is added remotely to a device. This route entry is given preference, thereby exposing an attack vector.
router-solicit Optional. Router solicitation messages are sent to locate routers as a form of network scanning. This information can then be used to attack a device.
smurf Optional. In this attack, a large number of ICMP echo packets are sent with a spoofed source address. This causes the device with the spoofed source address to be flooded with a large number of replies.
snork Optional. This attack causes a remote Windows NT host to consume 100% of the CPU's resources. It uses a UDP packet with a destination port of 135 and a source port of 7, 9, or 135. It can also be exploited as a bandwidth-consuming attack.
tcp-bad-sequence Optional. A DoS attack that uses a specially crafted TCP packet to cause the targeted device to drop all subsequent network traffic for a specific TCP connection
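Most of the checks described above (ascend, broadcast-multicast-icmp, chargen, fraggle, ip-ttl-zero, invalid-protocol, land, smurf, snork) reduce to predicates on a packet's IP and transport headers. The following Python classifier is an added example written for this reference; it is not controller code. The Packet type, the check names keyed to the command keywords, the configured set of directed-broadcast addresses, the treatment of IANA-unassigned protocol numbers as "invalid", and the reading of [drop-only] as "drop without raising an event" are all assumptions of the example.

```python
"""Added example: header predicates for the ip dos checks described above.

Not controller code. Packet, the broadcast address set, INVALID_PROTOCOLS
and the meaning given to drop-only are assumptions made for this example.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

ICMP, TCP, UDP = 1, 6, 17
ICMP_ECHO_REQUEST = 8

# Assumption: IANA leaves protocol numbers 144-252 unassigned and 255 reserved,
# so a packet carrying one of them is treated as an invalid protocol.
INVALID_PROTOCOLS = frozenset(range(144, 253)) | {255}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: int                    # IP protocol number
    ttl: int = 64
    src_port: Optional[int] = None   # TCP/UDP only
    dst_port: Optional[int] = None
    icmp_type: Optional[int] = None  # ICMP only


def is_broadcast_or_multicast(ip: str, broadcast: FrozenSet[str]) -> bool:
    """Multicast (224/4), the limited broadcast, or a configured directed broadcast."""
    return ip_address(ip).is_multicast or ip == "255.255.255.255" or ip in broadcast


def build_checks(broadcast: FrozenSet[str]) -> Dict[str, Callable[[Packet], bool]]:
    """One predicate per ip dos keyword implemented here, keyed by that keyword."""
    return {
        # UDP port 9 is where Ascend's Java Configurator listens
        "ascend": lambda p: p.protocol == UDP and p.dst_port == 9,
        "broadcast-multicast-icmp": lambda p: p.protocol == ICMP
            and is_broadcast_or_multicast(p.dst_ip, broadcast),
        "chargen": lambda p: p.protocol in (TCP, UDP) and 19 in (p.src_port, p.dst_port),
        # fraggle: UDP to or from port 7 (echo) or 19 (chargen)
        "fraggle": lambda p: p.protocol == UDP
            and bool({p.src_port, p.dst_port} & {7, 19}),
        "ip-ttl-zero": lambda p: p.ttl == 0,
        "invalid-protocol": lambda p: p.protocol in INVALID_PROTOCOLS,
        # land: same address and same port on both ends of the packet
        "land": lambda p: p.src_ip == p.dst_ip
            and p.src_port is not None and p.src_port == p.dst_port,
        # smurf amplification step: echo request aimed at a broadcast/multicast address
        "smurf": lambda p: p.protocol == ICMP and p.icmp_type == ICMP_ECHO_REQUEST
            and is_broadcast_or_multicast(p.dst_ip, broadcast),
        # snork: UDP to port 135 from port 7, 9 or 135
        "snork": lambda p: p.protocol == UDP and p.dst_port == 135
            and p.src_port in (7, 9, 135),
    }


def classify(p: Packet, checks: Dict[str, Callable[[Packet], bool]],
             enabled: Optional[FrozenSet[str]] = None) -> List[str]:
    """Sorted names of the enabled checks the packet matches; [] when clean."""
    names = checks.keys() if enabled is None else enabled
    return sorted(n for n in names if checks[n](p))


def decide(hits: List[str], drop_only: FrozenSet[str]) -> Tuple[str, List[str]]:
    """(action, events to log). Assumed drop-only semantics: the packet is still
    dropped, but that check raises no event."""
    if not hits:
        return ("forward", [])
    return ("drop", [h for h in hits if h not in drop_only])


# Constructed sample packets (documentation addresses), not captured traffic.
SAMPLE = {
    "land": Packet("192.0.2.10", "192.0.2.10", TCP, src_port=80, dst_port=80),
    "snork": Packet("198.51.100.7", "192.0.2.20", UDP, src_port=135, dst_port=135),
    "smurf": Packet("192.0.2.10", "192.0.2.255", ICMP, icmp_type=ICMP_ECHO_REQUEST),
    "ttl": Packet("198.51.100.7", "192.0.2.20", TCP, ttl=0, src_port=40000, dst_port=443),
    "proto": Packet("198.51.100.7", "192.0.2.20", protocol=255),
    "clean": Packet("198.51.100.7", "192.0.2.20", TCP, src_port=40000, dst_port=443),
}

if __name__ == "__main__":
    checks = build_checks(frozenset({"192.0.2.255"}))  # assumed directed broadcast
    for label, pkt in SAMPLE.items():
        hits = classify(pkt, checks)
        print(f"{label:6} -> {decide(hits, frozenset({'smurf'}))}")
```

Because every predicate is evaluated independently, one packet can satisfy several checks: a snork packet sent from source port 7 also matches fraggle, and a smurf echo request also matches broadcast-multicast-icmp. Reporting all matching names rather than the first one keeps the event log honest about which signatures fired, which matters when deciding which keyword to tune or set to drop-only.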