Chapter 24: Denial of Service (DoS) Commands

Note

This defense mechanism requires some involvement by the switch’s CPU, though not as much as the Teardrop defense. This will not impact the forwarding of traffic between the switch ports, but it can affect the handling of CPU events, such as the processing of IGMP packets and spanning tree BPDUs. For this reason, Allied Telesyn recommends strictly limiting the use of this defense, activating it only on those ports where an attack is most likely to originate.

Examples

The following command activates the defense on ports 1 and 5:

set dos pingofdeath port=1,5 state=enable

372

Page 372
Image 372
Allied Telesis management software layer 2+ fast ethernet switches Following command activates the defense on ports 1