Configuration Guide 568
Configuring Network Security DoS Defend Configuration
SYN sPort less
1024
The attacker sends the illegal packet with its TCP SYN field set to 1 and source
port smaller than 1024.
Blat Attack The attacker sends the illegal packet with the same source port and destination
port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the
system performance of the attacked host is reduced because the Host circularly
attempts to build a connection with the attacker.
Ping Flooding The attacker floods the destination system with Ping packets, creating a
broadcast storm that makes it impossible for the system to respond to legal
communication.
SYN/SYN-ACK
Flooding
The attacker uses a fake IP address to send TCP request packets to the server.
Upon receiving the request packets, the server responds with SYN-ACK packets.
Since the IP address is fake, no response will be returned. The server will keep
on sending SYN-ACK packets. If the attacker sends overflowing fake request
packets, the network resource will be occupied maliciously and the requests of
the legal clients will be denied.
WinNuke Attack Because the Operation System with bugs cannot correctly process the URG
(Urgent Pointer) of TCP packets, the attacker sends this type of packets to the
TCP port139 (NetBIOS) of the host with the Operation System bugs, which will
cause the host with a blue screen.
Smurf Attack The attacker broadcasts large numbers of Internet Control Message Protocol
(ICMP) packets with the intended victim’s spoofed source IP to a computer
network using an IP broadcast address. Most devices on a network will respond
to this by sending a reply to the source IP address. If the number of devices on
the network that receive and respond to these packets is very large, the victim’s
host will be flooded with traffic, which can slow down the victim’s host and cause
the host impossible to work on.
Ping Of Death The attacker sends an improperly large Internet Control Message Protocol (ICMP)
echo request packet, or a ping packet, with the purpose of overflowing the input
buffers of the destination host and causing the host to crash.
3) Click Apply.
Note:
If a port is in an LAG, its 802.1X authentication function cannot be enabled. Also, a port with 802.1X
authentication enabled cannot be added to any LAG.
5.2 Using the CLI
Follow these steps to configure DoS Defend:
Step 1 configure
Enter global configuration mode.
Step 2 ip dos-prevent
Globally enable the DoS defend feature.
To Next Page
Need help?
General