Allied-telesis AT-S63 Uživatelský manuál stáhnout pdf (Strana 449)

100

101

AT-S63 Management Software Command Line Interface User’s Guide

449

SET DOS SYNFLOOD

Syntax

set dos synflood port=

port

state=enable|disable

Parameters

port Specifies the switch ports on which you want to

enable or disable this DoS defense. You can select

more than one port at a time.

state Specifies the state of the DoS defense. The options

are:

enable Activates the defense.

disable Deactivates the defense. This is the default.

Description

This command activates and deactivates the SYN ACK Flood DoS

defense.

In this type of attack, an attacker, seeking to overwhelm a victim with

TCP connection requests, sends a large number of TCP SYN packets with

bogus source addresses to the victim. The victim responds with SYN ACK

packets, but since the original source addresses are bogus, the victim

node does not receive any replies. If the attacker sends enough requests

in a short enough period, the victim may freeze operations once the

requests exceed the capacity of its connections queue.

To defend against this form of attack, a switch port monitors the number

of ingress TCP-SYN packets it receives. If a port receives more 60 TCP-

SYN packets per second, the following occurs.

❑ The switch sends a trap to the management stations

❑ The port discards all ingress TCP-SYN packets for a one minute

period.

This defense mechanism does not involve the switch’s CPU. You can

activate it on as many ports as you want without it impacting switch

performance.

1 2 ... 444 445 446 447 448 449 450 451 452 453 454 ... 463 464

Komentáře k této Příručce

Žádné komentáře

Allied-telesis AT-S63 Uživatelský manuál Strana 449

Komentáře k této Příručce

Související produkty a manuály pro Počítačový hardware Allied-telesis AT-S63