D-Link DXS-3600-32S 24-port Top Of Rack 10 Gigabit Managed Switch With Expansion Slot

User Manual - Page 238

DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide
230
DoS Attack Prevention Commands
18-1 defense
This command is used to defend against DoS attacks. Use the no form of this command to disable the attack defense.
defense [land | blat | null-scan | xmascan | tcp-synfin | port-less-1024 | ping-death | tiny-frag] enable
no defense [land | blat | null-scan | xmascan | tcp-synfin | port-less-1024 | ping-death | tiny-frag] enable
Parameters
land Enable defense against the Land attack.
blat Enable defense against the Blat attack.
null-scan Enable defense against the TCP Null scan.
xmascan Enable defense against the TCP Xmas scan.
tcp-synfin Enable defense against the TCP SYN/FIN attack.
port-less-1024 Enable defense against packets with a source port less than 1024.
ping-death Enable defense against the Ping of Death attack.
tiny-frag Enable defense against the TCP tiny fragment attack.
Default
Defense of land, blat, null-scan, xmascan, tcp-synfin, port-less-1024, ping-death and tiny-frag is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
The DoS attack types that can be defended against are listed below:
Land attack
A Land attack is a DoS attack that consists of sending a specially crafted, spoofed packet to a computer, causing it to lock up. A Land attack involves IP packets whose source and destination address are both set to the address of the same device. A Land attack works because it causes the machine to reply to itself continuously.
Detect method - Check whether the source address of a received IP packet is equal to its destination address.
Blat attack
A DoS attack in which the TCP/IP stack is flooded with SYN packets whose spoofed source port number matches the destination port number, causing the machine to lock up.
Detect method - Check whether the source port of a received TCP packet is equal to its destination port.
Null Scan
Hackers use the TCP NULL scan to identify listening TCP ports. This scan uses a series of strangely configured TCP packets that contain no flags. This type of scan can get through some firewalls and boundary routers that filter incoming TCP packets based on standard flag settings. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP NULL scan packet and sends no reply.
Detect method - Check whether a received TCP packet contains a sequence number of 0 and no flags.
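Added example, not from the D-Link guide or the switch firmware: the three detect methods listed above (Land, Blat, Null scan) applied to raw IPv4/TCP packets in Python. The packet builder, the sample addresses and ports are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6

def parse_ipv4_tcp(pkt: bytes):
    """Return (src_ip, dst_ip, tcp); tcp is (sport, dport, seq, flags) or None."""
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    src = str(IPv4Address(pkt[12:16]))
    dst = str(IPv4Address(pkt[16:20]))
    tcp = None
    if pkt[9] == TCP_PROTO and len(pkt) >= ihl + 20:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
        tcp = (sport, dport, seq, off_flags & 0x01FF)   # low 9 bits are the TCP flags
    return src, dst, tcp

def classify(pkt: bytes) -> list:
    """Apply the guide's three detect methods; return the names of the matching defenses."""
    src, dst, tcp = parse_ipv4_tcp(pkt)
    hits = []
    if src == dst:                                 # Land: source address == destination address
        hits.append("land")
    if tcp is not None:
        sport, dport, seq, flags = tcp
        if sport == dport:                         # Blat: source port == destination port
            hits.append("blat")
        if seq == 0 and flags == 0:                # Null scan: sequence number 0 and no flags
            hits.append("null-scan")
    return hits

def build(src, dst, sport, dport, seq=1, flags=0x02):
    """Construct a minimal 40-byte IPv4+TCP packet (constructed test data, not a capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp

# Constructed samples (assumed addresses): one per detect method plus a normal SYN.
SAMPLES = {
    "land": build("10.0.0.5", "10.0.0.5", 4444, 80),
    "blat": build("10.0.0.9", "10.0.0.5", 80, 80),
    "null": build("10.0.0.9", "10.0.0.5", 40000, 22, seq=0, flags=0),
    "benign": build("10.0.0.9", "10.0.0.5", 40000, 22),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```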