Allied-telesis AT-S63 Uživatelský manuál stáhnout pdf (Strana 355)

100

101

AT-S63 Management Software Command Line Interface User’s Guide

Section II: Advanced Operations 355

SET DOS IPOPTION

Syntax

set dos ipoption port=

port

state=enable|disable

Parameters

port Specifies the switch port where you want to enable or

disable the IP Option defense. You can specify more

than one port at a time.

state Specifies the state of the IP Option defense. The

options are:

enable Activates the defense.

disable Deactivates the defense. This is the default.

mirroring Specifies whether the examined traffic is copied to a

mirror port. Options are:

yes, on, true Traffic is mirrored. These values are

enabled equivalent.

no, off, false Traffic is not mirrored. This is the

disabled default. These values are equivalent.

Description

This command enables and disables the IP Option DoS defense.

This type of attack occurs when an attacker sends packets containing bad

IP options to a victim node. There are many different types of IP options

attacks and the AT-S63 management software does not try to distinguish

between them. Rather, a switch port where this defense is activated

counts the number of ingress IP packets containing IP options. If the

number exceeds 20 packets per second, the switch considers this a

possible IP options attack and does the following occurs:

 The switch sends a trap to the management stations.

 The switch blocks all traffic on the port for one minute.

This defense mechanism does not involve the switch’s CPU. You can

activate it on as many ports as you want without it impacting switch

performance.

1 2 ... 350 351 352 353 354 355 356 357 358 359 360 ... 679 680

Komentáře k této Příručce

Žádné komentáře

Allied-telesis AT-S63 Uživatelský manuál Strana 355

Komentáře k této Příručce

Související produkty a manuály pro Počítačový hardware Allied-telesis AT-S63