Cisco 350 Series Administration Manual page 514

Security
Denial of Service Prevention
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4
The SYN Protection Interface Table displays the following fields for every port or LAG (as
requested by the user).
• Current Status—Interface status. The possible values are:
- Normal—No attack was identified on this interface.
- Blocked—Traffic is not forwarded on this interface.
- Attacked—Attack was identified on this interface.
• Last Attack—Date of last SYN-FIN attack identified by the system and the system
action (Reported or Blocked and Reported).
Martian Addresses
The Martian Addresses page enables entering IP addresses that indicate an attack if they are
seen on the network. Packets from these addresses are discarded.
The device supports a set of reserved Martian addresses that are illegal from the point of view
of the IP protocol. The supported reserved Martian addresses are:
• Addresses defined to be illegal in the Martian Addresses page.
• Addresses that are illegal from the point of view of the protocol, such as loopback
addresses, including addresses within the following ranges:
- 0.0.0.0/8 (Except 0.0.0.0/32 as a Source Address)—Addresses in this block refer
to source hosts on this network.
- 127.0.0.0/8—Used as the Internet host loopback address.
- 192.0.2.0/24—Used as the TEST-NET in documentation and example codes.
- 224.0.0.0/4 (As a Source IP Address)—Used in IPv4 Multicast address
assignments, and was formerly known as Class D Address Space.
- 240.0.0.0/4 (Except 255.255.255.255/32 as a Destination Address)—Reserved
address range, and was formerly known as Class E Address Space.
You can also add new Martian Addresses for DoS prevention. Packets that have a Martian
addresses are discarded.
17
371