Chapter 34: Denial of Service (DoS) Defense Commands
448
SET DOS SMURF
Syntax
set dos smurf port=
port
state=enable|disable
Parameters
port Specifies the switch ports on which you want to
enable or disable SMURF defense. You can select more
than one port at a time.
state Specifies the state of the SMURF defense. The options
are:
enable Activates the defense.
disable Deactivates the defense. This is the default.
Description
This command activates and deactivates the SMURF DoS defense.
This DoS attack is instigated by an attacker sending a Ping request
containing a broadcast address as the destination address and the
address of the victim as the source of the Ping. This overwhelms the
victim with a large number of Ping replies from other network nodes.
A switch port defends against this form of attack by examining the
destination addresses of ingress Ping packets and discarding those that
contain a broadcast address as a destination address.
To implement this defense, you need to specify the IP address of any
device on your network, preferably the lowest IP address, and a mask
using “SET DOS” on page 442. The switch uses the combination of the
two to determine your network’s broadcast address. Any ingress Ping
packets containing the broadcast address are discarded.
This defense mechanism does not involve the switch’s CPU. You can
activate it on as many ports as you want without having it negatively
impact switch performance.
Example
The following command activates this defense on port 17:
set dos smurf port=17 state=enable
To Next Page
Loading...
Need help?
General
