3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

CHAPTER 10: ATTACK PREVENTION AND PACKET STATISTICS
For port scan attack prevention to work, enable the outbound IP statistics function in the zone where the connection is initiated, and then configure the port scan attack prevention function.

The time for which an address remains blacklisted must be greater than the firewall session aging time (configured with the firewall session aging-time command); otherwise, an attack may bypass the Firewall module.

The blacklist function configured with this command takes effect only after the blacklist function is enabled on the firewall.

Enabling/Disabling the Attack Prevention Function of the IP Packet Carrying Source Route

Perform the following configuration in system view.

Table 169 Enable/disable the attack prevention function for the IP packet carrying source route

Operation                                                                        Command
Enable the attack prevention function for the IP packet carrying source route    firewall defend source-route
Disable the attack prevention function for the IP packet carrying source route   undo firewall defend source-route

By default, the attack prevention function for the IP packet carrying source route is disabled.

Enabling/Disabling Attack Prevention for Route Record Options

Perform the following configuration in system view.

Table 170 Enable/disable attack prevention for route record options

Operation                                             Command
Enable attack prevention for route record options     firewall defend route-record
Disable attack prevention for route record options    undo firewall defend route-record

By default, attack prevention for route record options is not enabled.

Enabling/Disabling the Tracert Packet Control Function

Perform the following configuration in system view.

Table 171 Enable/disable the Tracert packet control function

Operation                                      Command
Enable the Tracert packet control function     firewall defend tracert
Disable the Tracert packet control function    undo firewall defend tracert

By default, the Tracert packet control function is disabled.

Enabling/Disabling Ping of Death Prevention Function

Perform the following configuration in system view.

Table 172 Enable/disable the ping of death prevention function

Operation                                        Command
Enable the ping of death prevention function     firewall defend ping-of-death
Disable the ping of death prevention function    undo firewall defend ping-of-death