Support User Manuals

D-Link dgs-3420 Work Light User Manual

Open as PDF

of 938

xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch CLI Reference Guide

305

Chapter 27

DoS Attack

Prevention Commands

config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan |

tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]

{action [drop] | state [enable | disable]}

config dos_prevention log [enable | disable]

config dos_prevention trap [enable | disable]

show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin |

tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}

27-1 config dos_prevention dos_type

Description

This command is used to configure the prevention of each DoS attacks. The packet matching will

be done by hardware. For a specific type of attack, the content of the packet will be matched

against a specific pattern.

Format

config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan

| tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]

{action [drop] | state [enable | disable]}

Parameters

land_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent

LAND attacks.

blat_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent BLAT

attacks.

tcp_null_scan - (Optional) Specifies that the DoS attack prevention type will be set to prevent

TCP Null Scan attacks.

tcp_xmasscan - (Optional) Specifies that the DoS attack prevention type will be set to prevent

TCP Xmas Scan attacks.

tcp_synfin - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP

SYN FIN attacks.

tcp_syn_srcport_less_1024 - (Optional) Specifies that the DoS attack prevention type will be

set to prevent TCP SYN Source Port Less 1024 attacks.

ping_death_attack - (Optional) Specifies that the DoS attack prevention type will be set to

prevent Ping of Death attacks.

tcp_tiny_frag_attack - (Optional) Specifies that the DoS attack prevention type will be set to

prevent TCP Tiny Frag attacks.

all

- Specifies that the DoS attack prevention type will be set to prevent all attacks.

action - (Optional) Specifies the action that the DoS Prevention function will take.

drop - Specifies to drop all matched DoS attack packets.

state - (Optional) Specifies the DoS Attack Prevention state.

enable - Specifies that the DoS Attack Prevention state will be enabled.

disable

- Specifies that the DoS Attack Prevention state will be disabled.

previous next