Specifications
Security Configuration Command Set
Configuring Denial of Service Prevention
14-112 Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
14.3.8.2 HostDos
Use this command to enable or disable Denial of Service security features.
HostDoS {land | fragmicmp | largeicmp size | checkspoof | portscan
number-of-ports}
Syntax Description
Command Syntax of the “no” Form
The “no” form of this command disables the specified security features:
no HostDoS {land | fragmicmp | largeicmp size | checkspoof}
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router(config)#
ROUTER: This command can be executed when the device is in router mode only. For
details on how to enable router configuration modes, refer to Section 3.3.3.
land Enables land attack protection and automatically discards
illegal frames.
fragmicmp Enables fragmented ICMP and Ping of Death packets
protection and automatically discards illegal frames.
largeicmp size Enables large ICMP packets protection, specifies the
packet size above which the protection starts, and
automatically discards illegal frames. Valid packet size
values are 1 to 65535. The default is 1024.
checkspoof Enables spoofed address checking and automatically
reports spoofed addresses via Syslog.
portscan
number-of-ports
Enables port scan protection, specifies the number of
different UDP or TCP port connection failures until
protection is activated, and automatically reports via
Syslog that port scanning is in progress. The default
number of ports is 10.