Chapter 8: IP Routing Configuration Guide86 SmartSwitch Router User Reference ManualConfiguring Denial of Service (DOS)By default, the SSR installs flows in the hardware so that packets sent as directedbroadcasts are dropped in hardware, if directed broadcast is not enabled on the interfacewhere the packet is received. You can disable this feature, causing directed broadcastpackets to be processed on the SSR even if directed broadcast is not enabled on theinterface receiving the packet.Similarly, the SSR installs flows to drop packets destined for the SSR for which service isnot provided by the SSR. This prevents packets for unknown services from slowing theCPU. You can disable this behavior, causing these packets to be processed by the CPU.To cause directed broadcast packets to be processed on the SSR, even if directed broadcastis not enabled on the interface receiving the packet:To allow packets destined for the SSR, but do not have a service defined for them on theSSR, to be processed by the SSR’s CPU:Monitoring IP ParametersThe SSR provides display of IP statistics and configurations contained in the routing table.Information displayed provides routing and performance information.The ip show commands display IP information, such as routing tables, TCP/UDPconnections, and IP interface configuration, on the SSR. The following example displaysall established connections and services of the SSR.ssr(config)# ip dos disable directed-broadcast-protectionssr(config)# ip dos disable port-attack-protectionssr# ip show connectionsActive Internet connections (including servers)Proto Recv-Q Send-Q Local Address Foreign Address(state)tcp 0 0 *:gated-gii *:* LISTENtcp 0 0 *:http *:* LISTENtcp 0 0 *:telnet *:* LISTENudp 0 0 127.0.0.1:1025 127.0.0.1:162udp 0 0 *:snmp *:*udp 0 0 *:snmp-trap *:*udp 0 0 *:bootp-relay *:*udp 0 0 *:route *:*udp 0 0 *:* *:*