Foundry notes

If someone tries to ping flood the router, this will handle it. If more than 4000 ICMP packets per second are received, the router will drop all ICMP for 60 seconds. If someone is pinging through the router, apply the command to an interface (e.g. int ve 2), or all of them.
ip icmp burst-normal 1000 burst-max 4000 lockup 60

If someone tries to SYN flood the router (or through the router) the following line applied globally or to the interfaces will help:
ip tcp burst-normal 10 burst-max 100 lockup 60

some self explanatory global statements

no ip icmp redirects
no ip icmp unreachable administration
no ip source-route
no ip icmp unreachable source-route-fail
telnet login-timeout 60

Some not-as-useful, but very sneaky stuff:
no ip icmp unreachable fragmentation-needed
no ip icmp unreachable host 
no ip icmp unreachable network
no ip icmp unreachable port
no ip icmp unreachable protocol

Some useful show commands: show statistics dos-attack show default show cpu show web-connections show vlans show rmon show rate-limit fixed show chassis show flash show version show module show media # gig port SX/LX/LHA/LHB show mac show arp

some other interesting stuff

When you turn on ip helper-address, it enables seven UDP services by turning the broadcast into a unicast directed at the "helper". These seven services (bootp, dns, tftp, time, netbios-ns, netbios-dgm, tacacs) can be enhanced with:
ip forward-protocol udp ?

Password Recover

connect to console port and hit b during boot to get into the boot monitor mode. Issue the command
no password
boot system flash primary 
config term
enable super-user-password new-enable-password
enable telnet password new-telnet-pass
no aaa authentication enable default local 

local users

to setup local users for telnet authentication:
enable telnet authentication
aaa authentication login default local 
username network password telnet-password
to setup local users for enable authentication:
aaa authentication enable default local
username admin password enable-password