Denial of Service (DoS) Commands
Cisco Sx350 Ph. 2.2.5 Devices - Command Line Interface Reference Guide
User Guidelines
On ports in which an ACL is defined (user-defined ACL etc.), this feature cannot block TCP SYN
packets. In case the protection mode is block but SYN Traffic cannot be blocked, a relevant
SYSLOG message will be created, e.g.: "port gi11 is under TCP SYN attack. TCP SYN traffic
cannot be blocked on this port since the port is bound to an ACL."
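One way to triage the SYSLOG messages quoted in this section (the report and block messages from the examples, and the ACL-bound warning above) so that attacked ports the switch could not protect stand out. This is an added example, not part of the Cisco guide; the sample log lines, the ports gi3 and gi7, and the function names are constructed for illustration, and the prefix a real device puts before each message may differ.

```python
import re
from collections import defaultdict

# Message texts are those quoted on this page; patterns are unanchored so any
# prefix the device adds (timestamp, severity) is ignored. Specific ones first.
PATTERNS = [
    ("blocked", re.compile(
        r"A TCP SYN Attack was identified on port (\S+?)\. TCP SYN traffic "
        r"destined to the local system is automatically blocked for (\d+) seconds")),
    ("unblockable", re.compile(
        r"port (\S+) is under TCP SYN attack\. TCP SYN traffic cannot be "
        r"blocked on this port")),
    ("reported", re.compile(
        r"A TCP SYN Attack was identified on port (\S+?)\.?\s*$")),
]

# Constructed sample log: ports gi3 and gi7 and the last line are made up.
SAMPLE = [
    "01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11",
    "01-Jan-2012 05:31:02: A TCP SYN Attack was identified on port gi3. TCP SYN "
    "traffic destined to the local system is automatically blocked for 100 seconds.",
    "01-Jan-2012 05:31:40: port gi7 is under TCP SYN attack. TCP SYN traffic "
    "cannot be blocked on this port since the port is bound to an ACL.",
    "01-Jan-2012 05:33:00: unrelated message that must be ignored",
]

def classify(line):
    """Return (kind, port, block_seconds) for a SYN protection message, else None."""
    for kind, rx in PATTERNS:
        m = rx.search(line)
        if m:
            return kind, m.group(1), int(m.group(2)) if rx.groups > 1 else None
    return None

def triage(lines):
    """Count message kinds per port."""
    summary = defaultdict(lambda: {"reported": 0, "blocked": 0, "unblockable": 0})
    for hit in filter(None, map(classify, lines)):
        summary[hit[1]][hit[0]] += 1
    return dict(summary)

def acl_bound_under_attack(summary):
    """Ports where block mode could not act because the port is bound to an ACL."""
    return sorted(p for p, c in summary.items() if c["unblockable"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print(result)
    print("attacked but not blockable:", acl_bound_under_attack(result))
```

Ports returned by `acl_bound_under_attack` are the ones where the switch logged an attack but, per the guideline above, did not block SYN traffic.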
Examples
Example 1: The following example sets the TCP SYN protection feature to report a TCP SYN attack on ports in case an attack is identified from these ports.
switchxxxxxx(config)# security-suite syn protection mode report
...
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11
Example 2: The following example sets the TCP SYN protection feature to block a TCP SYN attack on ports in case an attack is identified from these ports.
switchxxxxxx(config)# security-suite syn protection mode block
...
01-Jan-2012 05:29:46: A TCP SYN Attack was identified on port gi11. TCP SYN traffic destined to the local system is automatically blocked for 100 seconds.
10.10 security-suite syn protection recovery
To set the time period for the SYN Protection feature to block an attacked
interface, use the security-suite syn protection recovery Global Configuration mode
command.
To set the time period to its default value, use the no form of this command.
Syntax
security-suite syn protection recovery timeout
no security-suite syn protection recovery