Specifications
Security Configuration Command Set
Configuring Denial of Service Prevention
Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide 14-113
14.3.8.2 HostDos
Use this command to enable or disable Denial of Service security features.
HostDoS {land | fragmicmp | largeicmp size | checkspoof | portscan}
Syntax Description
Command Syntax of the “no” Form
The “no” form of this command disables the specified security features:
no HostDoS {land | fragmicmp | largeicmp size | checkspoof}
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router(config)#
Command Defaults
None.
ROUTER: This command can be executed when the device is in router mode only. For
details on how to enable router configuration modes, refer to Section 3.3.3.
land Enables land attack protection and automatically discards
illegal frames.
fragmicmp Enables fragmented ICMP and Ping of Death packets
protection and automatically discards illegal frames.
largeicmp size Enables large ICMP packets protection, specifies the
packet size above which the protection starts, and
automatically discards illegal frames. Valid packet size
values are 1 to 65535. The default is 1024.
checkspoof Enables spoofed address checking and automatically
reports spoofed addresses via Syslog.
portscan Enables port scan protection and automatically reports via
Syslog that port scanning is in progress.