Command Reference Guide Global Configuration Mode Command Set
61200510L1-35E Copyright © 2005 ADTRAN 423
ip firewall check winnuke
Use the ip firewall check winnuke command to enable the AOS stateful inspection firewall to discard all
out of band (OOB) data (to protect against WinNuke attacks). Use the no form of this command to disable
this feature.
Syntax Description
No subcommands.
Default Values
All AOS
security features are disabled by default until th e ip firewall command is issued at the Global
Configuratio n pr om pt. Issuing the ip firewall com m a nd enab l es th e WinN uke check.
Applicable Platforms
This command applies to the NetVanta 300, 1000R, 2000, 3000, 4000, and 5000 and Total Access 900
Series units.
Command History
Release 2.1 Command was introduced.
Functional Notes
WinNuke attack is a well-known de n ial of se rvic e at tack on hosts running Mic ro so ft Windows ® operating
systems. An intruder sends out of band (OOB) dat a over an established connection to a Windows user.
Windows cannot properly handle the OOB data and the host reacts unpredict ably . Normal shut-down of the
hosts will generally return all functionality. Using the ip firewall check winnuke comman d configures the
AOS
stateful inspection firewall to filter all OOB data to pre ve nt network problems.
Usage Examples
The following example enables the firewall to filter all OOB data:
(config)#ip firewall check winnuke
The AOS security featur es must be enabled (using the ip firewall command) for the stateful
inspection firewall to be activated.