Netsh Commands for IPsec Denial of Service Protection

Updated: September 30, 2009

Applies To: Windows Server 2008 R2

The Netsh commands for IPsec Denial of Service (DoS) Protection enable you to configure a computer running Windows Server® 2008 R2 to filter network traffic so that only IPv6 network traffic that is protected by Internet Protocol security (IPsec) is allowed. This filtering helps to prevent a denial of service attack by dropping all traffic that does not meet the filter requirements. In addition to allowing network traffic that is protected by the Encapsulating Security Payload (ESP) protocol, you can choose which IPsec negotiation protocols are allowed: Internet Key Exchange version 1 (IKEv1), IKEv2, and Authenticated IP (AuthIP). You can also configure IPsec denial of service protection to limit the rate of data transmission by negotiation protocols, and to mark the data packets for Quality of Service (QoS) traffic shaping.

To run these commands at the command prompt, you must either enter the netsh ipsecdosprotection context or prepend the context to the command.

To run netsh ipsecdosprotection commands

  1. At a command prompt with administrator permissions, type netsh, press ENTER, type ipsecdosprotection, and then press ENTER again.

  2. Alternatively, if you are at the command prompt but have not entered a netsh context, you can type: netsh ipsecdosprotection command

Where command is the command that you want to run, including all of the required parameters for the command, and any optional parameters that you want to include.

Note

The netsh ipsecdosprotection context and all of its commands are supported only on computers that are running Windows Server 2008 R2.