Chapter 29 Dos Attack Prevention Commands - D-Link xStack DGS-3420 Series Reference Manual
Layer 2 managed stackable gigabit switch cli
Hide thumbs
Also See for xStack DGS-3420 Series:
- Reference manual (499 pages) ,
- Hardware installation manual (53 pages) ,
- How to set up (2 pages)
Table of Contents
Advertisement
xStack® DGS-3420 Series Layer 2 Managed Stackable Gigabit Switch CLI Reference Guide
Chapter 29
config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan |
tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all]
{action [drop] | state [enable | disable]}(1)
config dos_prevention log [enable | disable]
config dos_prevention trap [enable | disable]
show dos_prevention {land_attack | blat_attack | tcp_null_scan | tcp_xmasscan | tcp_synfin |
tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack}
29-1
config dos_prevention dos_type
Description
This command is used to configure the prevention of each DoS attacks. The packet matching will be
done by hardware. For a specific type of attack, the content of the packet will be matched against a
specific pattern.
Format
config dos_prevention dos_type [{land_attack | blat_attack | tcp_null_scan | tcp_xmasscan |
tcp_synfin | tcp_syn_srcport_less_1024 | ping_death_attack | tcp_tiny_frag_attack} | all] {action
[drop] | state [enable | disable]}(1)
Parameters
land_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent
LAND attacks.
blat_attack - (Optional) Specifies that the DoS attack prevention type will be set to prevent BLAT
attacks.
tcp_null_scan - (Optional) Specifies that the DoS attack prevention type will be set to prevent
TCP Null Scan attacks.
tcp_xmasscan - (Optional) Specifies that the DoS attack prevention type will be set to prevent
TCP Xmas Scan attacks.
tcp_synfin - (Optional) Specifies that the DoS attack prevention type will be set to prevent TCP
SYN FIN attacks.
tcp_syn_srcport_less_1024 - (Optional) Specifies that the DoS attack prevention type will be
set to prevent TCP SYN Source Port Less 1024 attacks.
ping_death_attack - (Optional) Specifies that the DoS attack prevention type will be set to
prevent Ping of Death attacks.
tcp_tiny_frag_attack - (Optional) Specifies that the DoS attack prevention type will be set to
prevent TCP Tiny Frag attacks.
all - Specifies that the DoS attack prevention type will be set to prevent all attacks.
action - (Optional) Specifies the action that the DoS Prevention function will take.
drop - Specifies to drop all matched DoS attack packets.
DoS Attack
Prevention Commands
386
Advertisement
Table of Contents
