DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Switch CLI Reference Manual
44
DOS PREVENTION COMMANDS
The DoS Prevention commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the
following table.
Command                           Parameters
config dos_prevention dos_type    [ { land_attack | blat_attack | smurf_attack | tcp_null_scan |
                                  tcp_xmascan | tcp_synfin | tcp_syn_srcport_less_1024 } (1)
                                  | all ] { action [ drop | mirror <port> { priority <value 0-7> |
                                  rx_rate [ no_limit | <value 64-1024000> ] } ] | state [ enable
                                  | disable ] }
show dos_prevention               { land_attack | blat_attack | smurf_attack | tcp_null_scan |
                                  tcp_xmascan | tcp_synfin | tcp_syn_srcport_less_1024 }
clear dos_prevention counters     { land_attack | blat_attack | smurf_attack | tcp_null_scan |
                                  tcp_xmascan | tcp_synfin | tcp_syn_srcport_less_1024 }
enable dos_prevention trap_log
disable dos_prevention trap_log
Each command is listed, in detail, in the following sections.
config dos_prevention dos_type
Purpose        This command is used to discard the L3 control packets sent to the CPU from
               specific ports.
Syntax         config dos_prevention dos_type [ { land_attack | blat_attack |
               smurf_attack | tcp_null_scan | tcp_xmascan | tcp_synfin |
               tcp_syn_srcport_less_1024 } (1) | all ] { action [ drop | mirror <port> {
               priority <value 0-7> | rx_rate [ no_limit | <value 64-1024000> ] } ] |
               state [ enable | disable ] }
Description    This command configures the prevention of each DoS attack, and
               includes state and action. Packet matching is performed by the
               hardware. For a specific type of attack, the content of the packet,
               regardless of the receipt port or destination port, will be matched against
               a specific pattern.
Parameters     dos     The type of DoS attack. Possible values are as follows:
                       land_attack
                       blat_attack
                       smurf_attack
                       tcp_null_scan
                       tcp_xmascan
                       tcp_synfin
                       tcp_syn_srcport_less_1024
               state   Used to enable or disable DoS prevention.
                       By default, prevention for all types of DoS is enabled, except for
                       tcp_syn_srcport_less_1024.
               action  When enabling DoS prevention, the following actions can be
                       taken.
                       drop – drop the attack packets.
                       mirror – mirror the packet to another port for further processing.
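The Description states that each attack type is matched against a specific pattern but does not list the patterns. The following added example (not from this manual or the switch firmware) models the commonly cited definition of each dos_type as a Python classifier and applies the default enable states given under the state parameter. The match patterns, the Packet type, the function names and the sample addresses are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP flag bits
# From the manual: every type is enabled by default except this one.
DEFAULT_DISABLED = {"tcp_syn_srcport_less_1024"}

@dataclass
class Packet:  # simplified header view, hypothetical type for this example
    src_ip: str
    dst_ip: str
    proto: str  # "tcp", "udp" or "icmp"
    src_port: int = 0
    dst_port: int = 0
    tcp_flags: int = 0
    tcp_seq: int = 1
    icmp_type: int = -1

def classify(pkt, subnet="192.0.2.0/24"):
    """Return every dos_type whose assumed pattern the packet matches."""
    tcp = pkt.proto == "tcp"
    bcast = str(ipaddress.ip_network(subnet).broadcast_address)
    xmas = FIN | PSH | URG
    rules = {  # assumed patterns; the manual does not define them
        "land_attack": pkt.src_ip == pkt.dst_ip,
        "blat_attack": pkt.proto in ("tcp", "udp") and pkt.src_port == pkt.dst_port,
        "smurf_attack": pkt.proto == "icmp" and pkt.icmp_type == 8
                        and pkt.dst_ip in (bcast, "255.255.255.255"),
        "tcp_null_scan": tcp and pkt.tcp_flags == 0 and pkt.tcp_seq == 0,
        "tcp_xmascan": tcp and (pkt.tcp_flags & xmas) == xmas and pkt.tcp_seq == 0,
        "tcp_synfin": tcp and (pkt.tcp_flags & (SYN | FIN)) == (SYN | FIN),
        "tcp_syn_srcport_less_1024": tcp and bool(pkt.tcp_flags & SYN)
                        and not (pkt.tcp_flags & ACK) and pkt.src_port < 1024,
    }
    return [name for name, hit in rules.items() if hit]

def matched_by_default(pkt):
    """Types that would act on the packet with the default enable states."""
    return [t for t in classify(pkt) if t not in DEFAULT_DISABLED]

# Constructed sample packets (documentation address ranges).
SAMPLES = {
    "land": Packet("192.0.2.10", "192.0.2.10", "tcp", 40000, 80, SYN),
    "smurf": Packet("198.51.100.7", "192.0.2.255", "icmp", icmp_type=8),
    "xmas": Packet("198.51.100.7", "192.0.2.10", "tcp", 40000, 22, FIN | PSH | URG, 0),
    "low_syn": Packet("198.51.100.7", "192.0.2.10", "tcp", 80, 8080, SYN),
    "normal": Packet("198.51.100.7", "192.0.2.10", "tcp", 50000, 443, SYN),
}
```

The low_syn sample matches only tcp_syn_srcport_less_1024, so with the default states it passes untouched until that type is enabled with state enable.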