Table of Contents
Advertisement
D-Link Unified Switch CLI Command Reference
D
S
ENIAL OF
ERVICE
This section describes the commands you use to configure Denial of Service (DoS) Control. Unified Switch software provides
support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor
and block these types of attacks:
•
SIP = DIP: Source IP address = Destination IP address.
•
First Fragment:TCP Header size smaller then configured value.
•
TCP Fragment: IP Fragment Offset = 1.
•
TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or
TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
•
L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.
•
ICMP: Limiting the size of ICMP Ping packets.
dos-control all
This command enables Denial of Service protection checks globally.
Default
disabled
Format
dos-control all
Mode
Global Config
no dos-control all
This command disables Denial of Service prevention checks globally.
Format
no dos-control all
Mode
Global Config
dos-control sipdip
This command enables Source IP address = Destination IP address (SIP = DIP) Denial of Service protection. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP = DIP, the packets will be
dropped if the mode is enabled.
Default
disabled
Format
dos-control sipdip
Mode
Global Config
no dos-control sipdip
This command disables Source IP address = Destination IP address (SIP = DIP) Denial of Service prevention.
Format
no dos-control sipdip
Mode
Global Config
© 2009 D-Link Corporation. All Rights Reserved
146
C
OMMANDS
Advertisement
Table of Contents
