IP Configuration Configuring IP
page 15-26 OmniSwitch AOS Release 7 Network Configuration Guide June 2013
The above functions and how to set their values are covered in the sections that follow.
Setting Penalty Values
You can set a penalty value for the following types of traffic:
• TCP/UDP packets bound for closed ports.
• TCP traffic bound for open ports.
• UDP traffic bound for open ports.
Each type has its own command to assign a penalty value. Penalty values can be any non-negative integer.
Each time a packet is received that matches an assigned penalty, the total penalty value for the switch is
increased by the penalty value of the packet in question.
To assign a penalty value to TCP/UDP packets bound for a closed port, use the ip dos scan close-port-
penalty command with a penalty value. For example, to assign a penalty value of 10 to TCP/UDP packets
destined for closed ports, enter the following:
-> ip dos scan close-port-penalty 10
To assign a penalty value to TCP packets bound for an open port, use the ip dos scan tcp open-port-
penalty command with a penalty value. For example, to assign a penalty value of 10 to TCP packets
destined for opened ports, enter the following:
-> ip dos scan tcp open-port-penalty 10
To assign a penalty value to UDP packets bound for an open port, use the ip dos scan udp open-port-
penalty command with a penalty value. For example, to assign a penalty value of 10 to TCP/UDP packets
destined for closed ports, enter the following:
-> ip dos scan udp open-port-penalty 10
DoS Settings
UDP/TCP closed = 10
UDP open =20
TCP open = 5
Threshold = 2000
Decay = 2
Minute 2 Penalty Total = 2150
Generate DoS
Attack Warning
Trap
10 TCP closed port packets
10 UDP closed port packets
100 UDP open port packets
To Next Page
Loading...
Need help?
General