42 | Chapter 2: Configuring System Information
FS728TP Smart Switch Software Administration Manual
To configure individual DoS settings:
1. Select the types of DoS attacks for the switch to monitor and block and configure any
associated values, as the following list describes.
• Denial of Service SIP=DIP. Enable or disable this option by selecting the appropriate
radio button. Enabling SIP=DIP DoS prevention causes the switch to drop packets
that have a source IP address equal to the destination IP address. The factory default
is Disable.
• Denial of Service First Fragment. Enable or disable this option by selecting the
appropriate radio button. Enabling First Fragment DoS prevention causes the switch
to drop packets that have a TCP header smaller than the configured Min TCP Hdr
Size. The factory default is Disable.
• Denial of Service Min TCP Hdr Size. Specify the Min TCP Hdr Size allowed. If First
Fragment DoS prevention is enabled, the switch will drop packets that have a TCP
header smaller than this configured Min TCP Hdr Size. The factory default is 20
bytes.
• Denial of Service TCP Fragment. Enable or disable this option by selecting the
appropriate radio button. Enabling TCP Fragment DoS prevention causes the switch
to drop packets that have an IP fragment offset equal to 1. The factory default is
Disable.
• Denial of Service TCP Flag. Enable or disable this option by selecting the
appropriate radio button. Enabling TCP Flag DoS prevention causes the switch to
drop packets that have TCP flag SYN set and TCP source port less than 1024 or TCP
control flags set to 0 and TCP sequence number set to 0 or TCP flags FIN, URG, and
PSH set and TCP sequence number set to 0 or both TCP flags SYN and FIN set. The
factory default is Disable.
To Next Page
Loading...
Need help?
General