
D-Link X-STACK DES-3200 SERIES - Chapter 24 Dos Attack Prevention Command List

xStack® DES-3200 Series Layer 2 Managed Fast Ethernet Switch CLI Reference Guide
Chapter 24 DoS Attack Prevention Command List
config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan |
tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]
{action [drop] | state [enable | disable]}
show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin |
tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
config dos_prevention trap [enable | disable]
config dos_prevention log [enable | disable]
24-1 config dos_prevention dos_type
Description
This command is used to configure the prevention of each Denial-of-Service (DoS) attack,
including state and action. The packet matching will be done by hardware. For a specific type of
attack, the content of the packet will be matched against a specific pattern.
Format
config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan
| tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]
{action [drop] | state [enable | disable]}
Parameters
land_attack - (Optional) Check whether the source address is equal to destination address of a
received IP packet.
blat_attack - (Optional) Check whether the source port is equal to destination port of a received
TCP packet.
tcp_null_scan - (Optional) Check whether a received TCP packet contains a sequence number
of 0 and no flags.
tcp_xmasscan - (Optional) Check whether a received TCP packet contains URG, Push and FIN
flags.
tcp_synfin - (Optional) Check whether a received TCP packet contains FIN and SYN flags.
tcp_syn_srcport_less_1024 - (Optional) Check whether the source port of a received TCP packet
is less than 1024.
ping_death_attack - (Optional) Detect whether received packets are fragmented ICMP packets.
tcp_tiny_frag_attack - (Optional) Check whether the packets are TCP tiny fragment packets.
all - Specify all DoS attack types.
action - (Optional) When enabling DoS prevention, the following actions can be taken.
drop - Drop DoS attack packets.
state - (Optional) Specify the DoS attack prevention state.
enable - Enable DoS attack prevention.
disable - Disable DoS attack prevention.
Restrictions
Only Administrator, Operator and Power-User level users can issue this command.
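The match patterns in the parameter list above, written out as an added Python example over constructed IPv4 packets; it is not D-Link's code and does not describe the switch's hardware logic. The function and helper names are hypothetical, requiring the SYN flag for tcp_syn_srcport_less_1024 is an assumption taken from the keyword name, and tcp_tiny_frag_attack is left out because the page does not define its pattern.

```python
import struct
from ipaddress import IPv4Address

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20   # TCP flag bits

def classify(pkt: bytes) -> set:
    """Return the dos_type names whose pattern, as worded in the parameter list, matches."""
    hits = set()
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    frag, = struct.unpack_from("!H", pkt, 6)       # IP flags + fragment offset
    more_frags, frag_off = bool(frag & 0x2000), frag & 0x1FFF
    if pkt[12:16] == pkt[16:20]:                   # source IP == destination IP
        hits.add("land_attack")
    if pkt[9] == 1 and (more_frags or frag_off):   # protocol 1 = ICMP, fragmented
        hits.add("ping_death_attack")
    if pkt[9] == 6 and frag_off == 0 and len(pkt) >= ihl + 14:   # TCP header present
        sport, dport, seq = struct.unpack_from("!HHI", pkt, ihl)
        flags = pkt[ihl + 13] & 0x3F
        if sport == dport:
            hits.add("blat_attack")
        if seq == 0 and flags == 0:
            hits.add("tcp_null_scan")
        if flags & (URG | PSH | FIN) == (URG | PSH | FIN):
            hits.add("tcp_xmasscan")
        if flags & (SYN | FIN) == (SYN | FIN):
            hits.add("tcp_synfin")
        if flags & SYN and sport < 1024:   # SYN required: assumption from the keyword name
            hits.add("tcp_syn_srcport_less_1024")
    return hits

# Constructed test packets: minimal 20-byte headers, checksums left at 0.
def ipv4(src, dst, proto, payload=b"", frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag, 64,
                       proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed) + payload

def tcp(sport, dport, seq, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0)

SAMPLES = {  # constructed packets using documentation addresses (192.0.2.0/24)
    "land": ipv4("192.0.2.10", "192.0.2.10", 6, tcp(40000, 80, 1, SYN)),
    "xmas": ipv4("192.0.2.1", "192.0.2.2", 6, tcp(40000, 80, 7, URG | PSH | FIN)),
    "null": ipv4("192.0.2.1", "192.0.2.2", 6, tcp(40000, 80, 0, 0)),
    "frag_icmp": ipv4("192.0.2.1", "192.0.2.2", 1, b"\x08\x00" + b"\0" * 6, frag=0x2000),
    "normal": ipv4("192.0.2.1", "192.0.2.2", 6, tcp(40000, 443, 1000, SYN)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, sorted(classify(pkt)))
```

A packet can match several types at once, which is why the function returns a set: a SYN+FIN segment from port 80 to port 80 matches blat_attack, tcp_synfin and tcp_syn_srcport_less_1024 together.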
