AT-S62 Command Line User’s Guide
371
SET DOS PINGOFDEATHSyntax
set dos pingofdeath port=port state=enable|disable
[mirrorport=port]
Parameters
port Specifies the switch ports on which to enable or
disable the Ping of Death defense. You can specify
more than one port at a time.
state Specifies the state of the IP Option defense. The
options are:
enable Activates the defense.
disable Deactivates the defense. This is the default.
mirrorport Specifies a port where invalid traffic is copied. You can
specify only one port.
Description
This command activates and deactivates the Ping of Death DoS defense.
In this DoS, an attacker sends an oversized, fragmented Ping packet to
the victim, which, if lacking a policy for handling oversized packets, may
freeze.
To defend against this form of attack, a switch port searches for the last
fragment of a fragmented Ping request and examines its offset to
determine if the packet size is greater than 63,488 bits. If it is, the
fragment is forwarded to the switch’s CPU for final packet size
determination. If the switch determines that the packet is oversized, the
following occurs:
❑The switch sends a trap to the management workstations.
❑The switch port discards the fragment and, for a one minute
period, discards all ingress Ping packets on the port.