ADTRAN Stub Routing Dokumentacja Pobierz pdf (Strona 197)

100

101

Command Reference Guide Global Configuration Mode Command Set

ip firewall check syn-flood

Use the ip firewall check syn-flood command to enable the ADTRAN OS stateful inspection firewall to

filter out phony TCP service requests and allow only legitimate requests to pass through. Use the no form

of this command to disable this feature.

The ADTRAN OS security features must be enabled (using the ip firewall command) for

the stateful inspection firewall to be activated.

Syntax Description

No subcommands

Default Values

All ADTRAN OS security features are disabled by default until the ip firewall command is issued at the

the Global Configuration prompt. In addition, the SYN-flood check is disabled until the ip firewall check

syn-flood command is issued.

Command Modes

(config)# Global Configuration Mode

Command History

Release 2.1 Command was introduced

Functional Notes

SYN Flooding is a well-known denial of service attack on TCP-based services. TCP requires a three-way

handshake before actual communications begin between two hosts. A server must allocate resources to

process new connection requests that are received. A potential intruder is capable of transmitting large

amounts of service requests (in a very short period of time), causing servers to allocate all resources to

process the phony incoming requests. Using the

ip firewall check syn-flood

command configures the

ADTRAN OS stateful inspection firewall to filter out phony service requests and allow only legitimate requests

to pass through.

Usage Examples

The following example enables the ADTRAN OS syn-flood check:

(config)#

ip firewall check syn-flood

1 2 ... 192 193 194 195 196 197 198 199 200 201 202 ... 567 568

Komentarze do niniejszej Instrukcji

Brak uwag

ADTRAN Stub Routing Dokumentacja Strona 197

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Networking ADTRAN Stub Routing