User manual
Global Configuration Commands
5-53
dos [ascend|
bcast-mcast-icmp|
chargen|enable|fraggle|
ftp-bounce|
invalid-protocol|
option-route|router-advt|
router-solicit|smurf|
snork|tcp-intercept|
tcp-max-incomplete|
twinge]
log [<0-8>|
alerts|
critical|
debugging|
|emergencies|
errors|
informational|
none|
notifications|
warnings]
Configures the Denial of Service (DOS) attack parameters.
• ascend – Enables Ascend DoS checks.
• bcast-mcast-icmp – Detects Broadcast/Multicast Icmp
traffic as attack.
• chargen – Enables chargen DoS checks.
• enable – Enables all DoS checks.
• fraggle – Enables fraggle DoS checks.
• ftp-bounce – Enables FTP bounce logs and sets the
logging levels.
• invalid-protocol – Enables Invalid Protocol DoS attack
check and sets the logging levels for this attack.
• option-route – Enables IP option route check.
• router-advt – Enables ICMP router advertisement check.
• router-solicit – Enables ICMP router solicit check.
• smurf log – Enables smurf attack check.
• snork – Enables check for packets.
• tcp-intercept – Enables TCP intercept.
• twinge – Enables twinge check
For all the above DoS attacks, the following log options can
be set.
• <0-8> – Select one numerical log level. All messages
with and below this severity are logged.
• emergencies – System is unusable (level 0)
• alerts – Immediate action needed (level 1)
• critical – Critical conditions (level 2)
• errors – Error conditions (level 3)
• warnings – Warning conditions (level 4)
• notifications – Normal but significant conditions
(level 5)
• informational – Informational messages (level 6)
• debugging – Debugging messages (level 7)
• none –Disable logging (level 8)