FUJITSU PSWITCH User’s Guide
106 December/2018
3.1.5.9. DOS (Denial of Service)
The switch supports configurable Denial of Service (DoS) attack protection for many
different types of attacks.
The following list shows the DoS attack detection that this software supports.
SIP = DIP :
• Source IP address = Destination IP address.
First Fragment :
• TCP Header size smaller then configured value.
TCP Fragment :
• IP Fragment Offset = 1.
TCP Flag :
• TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and
• TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and
• TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
L4 Port :
• Source TCP/UDP Port = Destination TCP/UDP Port.
ICMPv4 :
• Limiting the size of ICMP Ping packets.
TCP Port :
• Source TCP Port = Destination TCP Port.
UDP Port :
• Source UDP Port = Destination UDP Port.
TCP Flag & Sequence:
• TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and
• TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and
• TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
TCP Offset :
• Checks for TCP header offset =1.
To Next Page
Loading...
Need help?
General
