202
The following entries are displayed on this screen:
Auto Refresh
Enable/Disable the Auto Refresh feature.
Specify the refresh interval to display the ARP Statistics.
Illegal ARP Packet
Displays the port number.
Indicates the port is an ARP Trusted Port or not.
Displays the number of the received illegal ARP packets.
12.3 DoS Defend
DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network
attackers or the evil programs sending a lot of service requests to the Host, which incurs an
abnormal service or even breakdown of the network.
With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets
and distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will
discard the illegal packets directly and limit the transmission rate of the legal packets if the
over legal packets may incur a breakdown of the network. The switch can defend several types
of DoS attack listed in the following table.
DoS Attack Type Description
Land Attack The attacker sends a specific fake
SYN packet to the destination
Host. Since both the source IP address and the destination IP
address of the SYN packet are set to be the IP address of the Host,
the Host will be trapped in an endless circle for building the initial
connection. The performan
ce of the network will be reduced
extremely.
Scan SYNFIN The attacker sends the packet with its SYN field and the FIN field set
to 1. The SYN field is used to request initial connection whereas the
FIN field is used to request disconnection. Therefore, the packet of
this type is illegal. The switch can defend this type of illegal packet.
Xmascan The attacker sends the illegal packet with its TCP index, FIN, URG
and PSH field set to 1.
NULL Scan Attack The attacker sends the illegal packet with its TCP index and all the
control fields set to 0. During the TCP connection and data
transmission, the packets with all the control fields set to 0 are
considered as the illegal packets.
SYN sPort less 1024 The attacker sends the illegal packet with its TCP SYN field set to 1
and source port less than 1024.
To Next Page
Loading...
