Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1301130213031304130513061307130813091310
A-53
Command-Line Reference
Global Configuration Context
attack-setting
This command enables (or disables) the firewall’s attack checks.
Syntax: [no] attack-setting <attack>
Replace <attack> with the attack against which you want the firewall to check.
Available attacks are listed in Table A-14.
Table A-14. Available Attack Checks
The sequence-out-of-range option allows you to specify addition parameters.
You can set the limit at which a packet is considered out-of-range and the
number at which the sequence numbers reset. To enable this check and specify
these parameters, enter the following commands:
Syntax: attack-setting sequence-out-of-range
Syntax: attack-setting sequence-out-of-range [maximum difference <RST number>]
The first command enables the attack check, and the second command sets
the parameters.
Replace <maximum difference> with the value for the maximum difference
between an acknowledged packet’s sequence number and a valid packet
sequence number (1–65535).
Replace <RST number> with the value at which you want the sequence numbers
to reset (1–65535).
Option Definition See Chapter 4: “Firewall.
icmp-error ICMP error attack check “ICMP Error Messages”
icmp-replay ICMP replay attack check “ICMP Replay”
pre-connection-ack Pre-connection ACK attack check “Select or clear the Drop packets outside the
range check box as desired.”
sequence-out-of-range Sequence number out-of-range attack
check
“Sequence Number Out of Range
source-routing-check Source routing attack check “Source Routing”
syn-flood Syn flood attack check “SYN Flooding”
winnuke Winnuke attack check “WinNuke Attacks”
sequence-prediction Sequence number prediction attack
check
“Sequence Number Prediction