Security Configuration Command Set
Configuring Denial of Service Prevention
14-100 Matrix E1 Series (1G58x-09 and 1H582-xx) Configuration Guide
Syntax Description
Command Syntax of the “no” Form
The “no” form of this command disables the specified security features:
no HostDos {land | fragmicmp | largeicmp size | checkspoof}
Command Type
Router command.
Command Mode
Global configuration: Matrix>Router(config)#
Command Defaults
None.
Example
This example shows how to enable land attack and large ICMP packets protection for packets larger
than 2000 bytes:
land Enables land attack protection and automatically discards
illegal frames.
fragmicmp Enables fragmented ICMP and Ping of Death packets
protection and automatically discards illegal frames.
largeicmp size Enables large ICMP packets protection, specifies the
packet size above which the protection starts, and
automatically discards illegal frames. Valid packet size
values are 1 to 65535. The default is 1024.
checkspoof Enables spoofed address checking and automatically
reports spoofed addresses via Syslog.
portscan Enables port scan protection and automatically reports via
Syslog that port scanning is in progress.
Matrix>Router(config)#HostDos land
Matrix>Router(config)#HostDos largeicmp 2000