Allied Telesis AT-S63 User Manual, Page 362

Chapter 21: Denial of Service Defense Commands
362 Section II: Advanced Operations
SET DOS TEARDROP
Syntax
set dos teardrop port=port state=enable|disable
   [mirroring=yes|no|on|off|true|false|enabled|disabled]
Parameters
port       Specifies the switch ports on which you want to enable or
           disable this DoS defense. You can select more than one port
           at a time.

state      Specifies the state of the DoS defense. The options are:
             enable    Activates the defense.
             disable   Deactivates the defense. This is the default.

mirroring  Specifies whether the examined traffic is copied to a mirror
           port. Options are:
             yes, on, true, enabled     Traffic is mirrored. These
                                        values are equivalent.
             no, off, false, disabled   Traffic is not mirrored. This is
                                        the default. These values are
                                        equivalent.
Description
This command activates and deactivates the Teardrop DoS defense.

In this DoS attack, an attacker sends a victim a packet in several fragments, one of which carries a bogus offset value (the offset is used to reconstruct the packet). As a result, the victim is unable to reassemble the packet, possibly causing it to freeze operations.

The defense mechanism for this type of attack sends all ingress IP traffic received on a port to the switch's CPU. The CPU samples related, consecutive fragments, checking for fragments with invalid offset values. If one is found, the following occurs:

- The switch sends a trap to the management stations.
- The switch blocks all traffic on the port for one minute.

Because the CPU examines only a sampling of the ingress IP traffic on a port, there is no guarantee that the switch will catch or prevent all occurrences of this attack.
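
The check on related, consecutive fragments described above, as an added Python example (not code from the manual or from the AT-S63 firmware). The manual does not define "invalid offset"; this example assumes it means a fragment that starts inside data already covered by an earlier fragment of the same datagram, and that fragments arrive in order. The function names and sample headers are constructed for illustration.

```python
import struct
from collections import namedtuple

Frag = namedtuple("Frag", "key offset length more")

def parse_ipv4(header):
    """Extract the fields used for reassembly from a raw IPv4 header."""
    (ver_ihl, _, total_len, ident, flags_off,
     _, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("not a valid IPv4 header")
    return Frag(key=(src, dst, proto, ident),       # fragments of one datagram
                offset=(flags_off & 0x1FFF) * 8,    # field counts 8-byte units
                length=total_len - ihl,             # payload bytes carried
                more=bool(flags_off & 0x2000))      # MF (more fragments) flag

def check_fragments(headers):
    """Return (index, reason) for each fragment with an invalid offset.

    Assumption: fragments of a datagram arrive in order, so a related
    fragment starting before the previous one ended is treated as invalid.
    """
    findings, last_end = [], {}
    for i, raw in enumerate(headers):
        f = parse_ipv4(raw)
        if f.offset == 0 and not f.more:
            continue                                # not fragmented
        prev_end = last_end.get(f.key, 0)
        if f.offset < prev_end:
            findings.append((i, "offset %d overlaps data ending at %d"
                                % (f.offset, prev_end)))
        last_end[f.key] = max(prev_end, f.offset + f.length)
    return findings

def sample_header(ident, offset, payload_len, more):
    """Constructed test header; addresses are RFC 5737 documentation ranges."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_off, 64, 17, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))

# Constructed samples: a well-formed pair, then a pair whose second offset
# points back into the first fragment's data.
SAMPLE_OK = [sample_header(1, 0, 1480, True), sample_header(1, 1480, 520, False)]
SAMPLE_BAD = [sample_header(2, 0, 64, True), sample_header(2, 32, 16, False)]

if __name__ == "__main__":
    print(check_fragments(SAMPLE_OK))
    print(check_fragments(SAMPLE_BAD))
```

Because out-of-order delivery of legitimate fragments would also trip this check, a deployment that cannot assume ordering needs full per-datagram range tracking instead.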