Cabletron Systems 9032578-05 Network Router User Manual


 
Chapter 8: IP Routing Configuration Guide
86 SmartSwitch Router User Reference Manual
Configuring Denial of Service (DOS)
By default, the SSR installs flows in the hardware so that packets sent as directed
broadcasts are dropped in hardware, if directed broadcast is not enabled on the interface
where the packet is received. You can disable this feature, causing directed broadcast
packets to be processed on the SSR even if directed broadcast is not enabled on the
interface receiving the packet.
Similarly, the SSR installs flows to drop packets destined for the SSR for which service is
not provided by the SSR. This prevents packets for unknown services from slowing the
CPU. You can disable this behavior, causing these packets to be processed by the CPU.
To cause directed broadcast packets to be processed on the SSR, even if directed broadcast
is not enabled on the interface receiving the packet:
ssr(config)# ip dos disable directed-broadcast-protection
To allow packets that are destined for the SSR, but do not have a service defined for them
on the SSR, to be processed by the SSR’s CPU:
ssr(config)# ip dos disable port-attack-protection
Monitoring IP Parameters
The SSR displays IP statistics and configuration information contained in the routing table.
The information displayed covers routing and performance.
The ip show commands display IP information, such as routing tables, TCP/UDP
connections, and IP interface configuration, on the SSR. The following example displays
all established connections and services of the SSR.
ssr# ip show connections
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    (state)
tcp        0      0 *:gated-gii        *:*                LISTEN
tcp        0      0 *:http             *:*                LISTEN
tcp        0      0 *:telnet           *:*                LISTEN
udp        0      0 127.0.0.1:1025     127.0.0.1:162
udp        0      0 *:snmp             *:*
udp        0      0 *:snmp-trap        *:*
udp        0      0 *:bootp-relay      *:*
udp        0      0 *:route            *:*
udp        0      0 *:*                *:*
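
Added example, not part of the manual: a Python parser for the ip show connections output above that lists the services the SSR accepts on any interface, which is the traffic that reaches the CPU rather than being dropped as "service not provided". The function names and the REVIEW set are assumptions chosen for illustration, and the sample text is constructed from the output shown on this page.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: the `ip show connections` output shown on this page.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *:gated-gii *:* LISTEN
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:telnet *:* LISTEN
udp 0 0 127.0.0.1:1025 127.0.0.1:162
udp 0 0 *:snmp *:*
udp 0 0 *:snmp-trap *:*
udp 0 0 *:bootp-relay *:*
udp 0 0 *:route *:*
udp 0 0 *:* *:*
"""

# Assumption: services a reviewer may want limited to a management network.
# This is a local policy choice, not something the manual specifies.
REVIEW = {"telnet", "http", "snmp"}

class Conn(NamedTuple):
    proto: str
    local_addr: str
    local_port: str
    foreign: str
    state: Optional[str]  # None for UDP rows, which carry no state column

# proto, Recv-Q, Send-Q, local addr:port, foreign addr:port, optional state
ROW = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\S+)\s+(\S+)(?:\s+(\S+))?$")

def parse_connections(text):
    """Return one Conn per socket row; banner and header lines are skipped."""
    return [Conn(*m.groups()) for line in text.splitlines()
            if (m := ROW.match(line.strip()))]

def exposed_services(conns):
    """Sockets bound to every interface ('*') on a specific port:
    TCP in LISTEN state, or UDP with no connected peer."""
    out = []
    for c in conns:
        if c.local_addr != "*" or c.local_port == "*":
            continue  # loopback/specific address, or the catch-all '*:*' row
        if (c.proto == "tcp" and c.state == "LISTEN") or \
           (c.proto == "udp" and c.foreign == "*:*"):
            out.append(c)
    return out

def flag_for_review(conns):
    """Exposed services that appear in the REVIEW policy set, sorted by name."""
    return sorted({c.local_port for c in exposed_services(conns)} & REVIEW)
```

Running flag_for_review(parse_connections(SAMPLE)) on the sample returns the http, snmp and telnet listeners, all of which are bound to every interface in the output above.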