Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual
992 Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
ip dos tcp-max-incomplete [high|low] <1-1000>
ip tcp adjust-mss <472-1460>
ip tcp [optimize-unnecessary-resends|recreate-flow-on-out-of-state-syn|validate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number]
Example
rfs7000-37FABE(config-rw-policy-test)#ip dos fraggle drop-only
tcp-fin-scan Optional. A FIN scan finds services on ports. A closed port returns a RST. This allows the attacker to identify open ports.
tcp-intercept Optional. Prevents TCP intercept attacks by using TCP SYN cookies.
tcp-null-scan Optional. A TCP null scan finds services on ports. A closed port returns a RST. This allows the attacker to identify open ports.
tcp-post-syn Optional. Enables a TCP post SYN DoS attack check.
tcp-sequence-past-window Optional. Enables a TCP SEQUENCE PAST WINDOW DoS attack check. Disable this check to work around a bug in Windows XP's TCP stack, which sends data past the window when conducting a selective ACK.
tcp-xmas-scan Optional. A TCP XMAS scan finds services on ports. A closed port returns a RST. This allows the attacker to identify open ports.
tcphdrfrag Optional. A DoS attack where the TCP header spans IP fragments.
twinge Optional. A twinge attack is a flood of false ICMP packets to try and slow down a system.
udp-short-hdr Optional. Enables the identification of truncated UDP headers and UDP header length fields.
winnuke Optional. This DoS attack is specific to Windows™ 95 and Windows™ NT, causing devices to crash with a blue screen.
drop-only Optional. Drops a packet without logging.
dos Identifies IP events as DoS events.
tcp-max-incomplete Sets the limits for the maximum number of incomplete TCP connections.
high Sets the upper limit for the maximum number of incomplete TCP connections.
low Sets the lower limit for the maximum number of incomplete TCP connections.
<1-1000> Sets the range limit from 1 - 1000 connections.
tcp Identifies and configures TCP events and configuration items.
adjust-mss Adjusts the TCP Maximum Segment Size (MSS). Use this option to adjust the MSS for TCP segments on the router.
<472-1460> Sets the TCP MSS value from 472 - 1460 bytes. The default is 472 bytes.
tcp Identifies and configures TCP events and configuration items.
optimize-unnecessary-resends Enables the validation of unnecessary TCP packets.
recreate-flow-on-out-of-state-syn Allows a TCP SYN packet to delete an old flow in the TCP_FIN_FIN_STATE and TCP_CLOSED_STATE states and create a new flow.
validate-icmp-unreachable Enables the validation of the sequence number in ICMP unreachable error packets, which abort an established TCP flow.
validate-rst-ack-number Enables the validation of the acknowledgment number in RST packets, which abort a TCP flow.
validate-rst-seq-number Enables the validation of the sequence number in RST packets, which abort an established TCP flow.
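
How an inspection engine could map TCP header flags and RST sequence numbers to the event keywords listed above, as an added example that is not taken from the Brocade guide or firmware. The in-window test for RST packets, the `flow` dictionary, the `make_segment` helper and the `malformed` label are assumptions made for illustration.

```python
# Added illustration; not Brocade code. Returned names are the keywords on this page,
# except "malformed" and "ok", which are hypothetical labels for this example.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def parse_tcp(segment: bytes):
    """Return (seq, ack, flags) from a raw TCP header, or None if it is truncated."""
    if len(segment) < 20:
        return None
    seq = int.from_bytes(segment[4:8], "big")
    ack = int.from_bytes(segment[8:12], "big")
    return seq, ack, segment[13] & 0x3F


def in_window(seq, rcv_nxt, rcv_wnd):
    """Modulo-2^32 test for rcv_nxt <= seq < rcv_nxt + rcv_wnd (assumed RST check)."""
    return ((seq - rcv_nxt) & 0xFFFFFFFF) < rcv_wnd


def classify(segment: bytes, flow=None):
    """flow is None when no flow is tracked, else {'rcv_nxt': int, 'rcv_wnd': int}."""
    parsed = parse_tcp(segment)
    if parsed is None:
        return "malformed"
    seq, _ack, flags = parsed
    if flags == 0:                       # no flags set at all
        return "tcp-null-scan"
    if flags == FIN | PSH | URG:         # the "lit up" combination
        return "tcp-xmas-scan"
    if flags == FIN and flow is None:    # bare FIN that belongs to no known flow
        return "tcp-fin-scan"
    if flags & RST and flow is not None:
        # A RST may only abort the flow if its sequence number is plausible.
        if not in_window(seq, flow["rcv_nxt"], flow["rcv_wnd"]):
            return "validate-rst-seq-number"
    return "ok"


def make_segment(seq, flags, ack=0):
    """Constructed sample input: 20-byte TCP header, ports 40000 -> 80."""
    return (
        (40000).to_bytes(2, "big") + (80).to_bytes(2, "big")
        + seq.to_bytes(4, "big") + ack.to_bytes(4, "big")
        + bytes([0x50, flags]) + (1024).to_bytes(2, "big") + bytes(4)
    )
```
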










