SROS Command Line Interface Reference Guide

Global Configuration Mode Command Set

ip firewall check syn-flood

Use the ip firewall check syn-flood command to enable the Secure Router OS stateful inspection firewall to filter out phony TCP service requests and allow only legitimate requests to pass through. Use the no form of this command to disable this feature.

Note

The Secure Router OS security features must be enabled (using the ip firewall command) for the stateful inspection firewall to be activated.

Syntax Description

No subcommands.

Default Values

All Secure Router OS security features are disabled by default until the ip firewall command is issued at the Global Configuration prompt. In addition, the SYN-flood check is disabled until the ip firewall check syn-flood command is issued.

Command Modes

(config)#

Global Configuration Mode

Functional Notes

SYN flooding is a well-known denial-of-service attack on TCP-based services. TCP requires a three-way handshake before actual communications begin between two hosts, and a server must allocate resources to process each new connection request it receives. A potential intruder can transmit a large number of service requests in a very short period of time, causing servers to allocate all of their resources to processing the phony incoming requests. The ip firewall check syn-flood command configures the Secure Router OS stateful inspection firewall to filter out phony service requests and allow only legitimate requests to pass through.
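
A small model of the resource exhaustion described above, added here as an illustration and not taken from the SROS documentation or firmware. The filtered path uses a SYN-cookie-style stateless check as an assumed stand-in, since this page does not say how the SROS firewall tells legitimate requests from phony ones; the backlog size, key, and addresses are all constructed.

```python
import hashlib
import hmac

BACKLOG = 4  # constructed: half-open slots the model server can hold


def cookie(secret: bytes, src: str) -> int:
    """Stateless 32-bit value derived from the client address (SYN-cookie style)."""
    mac = hmac.new(secret, src.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:4], "big")


def serve(events, filtered: bool, secret: bytes = b"constructed-key"):
    """Replay (kind, src, ack) events; return (established, refused) client sets."""
    half_open, established, refused = set(), set(), set()
    for kind, src, ack in events:
        if kind == "SYN":
            if filtered:
                continue  # filter answers SYN-ACK itself; nothing is allocated
            if len(half_open) >= BACKLOG:
                refused.add(src)  # backlog exhausted: request is dropped
            else:
                half_open.add(src)  # slot held until the handshake completes
        elif kind == "ACK":
            if filtered:
                # Only a client that really received the SYN-ACK can echo cookie + 1.
                if ack == (cookie(secret, src) + 1) % 2**32:
                    established.add(src)
            elif src in half_open:
                half_open.remove(src)
                established.add(src)
    return established, refused


def sample_events(secret: bytes = b"constructed-key"):
    """Constructed traffic: ten SYNs that never complete, one blind ACK, one real client."""
    flood = [("SYN", f"198.51.100.{i}", None) for i in range(1, 11)]
    legit = "192.0.2.10"
    return flood + [
        ("ACK", "203.0.113.7", 0),  # blind ACK with a guessed value
        ("SYN", legit, None),
        ("ACK", legit, (cookie(secret, legit) + 1) % 2**32),
    ]
```

Without the filter the four slots fill with handshakes that never complete and the real client is refused; with it, no slot is spent until a handshake is proven complete.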

Usage Examples

The following example enables the Secure Router OS syn-flood check:

(config)#ip firewall check syn-flood

5991-2114

© Copyright 2005 Hewlett-Packard Development Company, L.P.
