Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual
1000 Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
14
no ip tcp
[adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-state-syn|va
lidate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number]
snork Optional. Disables snork attack checks
This attack causes a remote Windows™ NT to consume 100% of the CPU’s resources. This attack
uses a UDP packtet with a destination port of 135 and a source port of 7, 9, or 135. This attack can
also be exploited as a bandwidth consuming attack.
tcp-bad-sequence Optional. Disables tcp-bad-sequence checks
This DoS attack uses a specially crafted TCP packet to cause the targeted device to drop all
subsequent network of a specific TCP connection. Disables tcp-bad-sequence check.
tcp-fin-scan Optional. Disables TCP FIN scan checks
A FIN scan finds services on ports. A closed port returns a RST. This allows the attacker to identify
open ports
tcp-intercept Optional. Disables TCP intercept attack checks
Prevents TCP intercept attacks by using TCP SYN cookies
tcp-null-scan Optional. Disables TCP Null scan checks
A TCP null scan finds services on ports. A closed port returns a RST. This allows the attacker to
identify open ports
tcp-post-syn Optional. Disables TCP post SYN DoS attack checks
tcp-sequence-past-window Optional. Disables TCP SEQUENCE PAST WINDOW DoS attack checks
Disable this check to work around a bug in Windows XP's TCP stack which sends data past the
window when conducting a selective ACK.
tcp-xmas-scan Optional. Disables TCP XMAS scan checks
A TCP XMAS scan finds services on ports. A closed port returns a RST. This allows the attacker to
identify open ports
tcphdrfrag Optional. Disables TCP header checks
A DoS attack where the TCP header spans IP fragments
twinge Optional. Disables twinge attack checks
A twinge attack is a flood of false ICMP packets to try and slow down a system
udp-short-hdr Optional. Disables UDP short header checks
Enables the identification of truncated UDP headers and UDP header length fields
winnuke Optional. Disables Winnuke checks
This DoS attack is specific to Windows™ 95 and Windows™ NT, causing devices to crash with a blue
screen
no ip Disables IP DoS events
tcp Identifies and disables TCP events and configuration items
adjust-mss Disables the adjust MSS configuration
optimize-unnecessary-resend
s
Disables the validation of unnecessary TCP packets
recreate-flow-on-out-of-state-
sync
Disallows a TCP SYN packet to delete an old flow in TCP_FIN_FIN_STATE, and TCP_CLOSED_STATE states
and create a new flow
validate-icpm-unreachable Disables the sequence number validation in ICMP unreachable error packets
validate-rst-ack-number Disables the acknowledgment number validation in RST packets
validate-rst-seq-number Disables the sequence number validation in RST packets