Chapter 24: Denial of Service (DoS) Commands
374
SET DOS SYNFLOODSyntax
set dos synflood port=port state=enable|disable
Parameters
port Specifies the switch ports on which you want to
enable or disable this DoS defense. You can select
more than one port at a time.
state Specifies the state of the DoS defense. The options
are:
enable Activates the defense.
disable Deactivates the defense. This is the default.
Description
This command activates and deactivates the SYN ACK Flood DoS
defense.
In this type of attack, an attacker, seeking to overwhelm a victim with
TCP connection requests, sends a large number of TCP SYN packets with
bogus source addresses to the victim. The victim responds with SYN ACK
packets, but since the original source addresses are bogus, the victim
node does not receive any replies. If the attacker sends enough requests
in a short enough period, the victim may freeze operations once the
requests exceed the capacity of its connections queue.
To defend against this form of attack, a switch port monitors the number
of ingress TCP-SYN packets it receives. If a port receives more 60 TCP-
SYN packets per second, the following occurs.
❑The switch sends a trap to the management workstations
❑The port discards all ingress TCP-SYN packets for a one minute
period.
This defense mechanism does not involve the switch’s CPU. You can
activate it on as many ports as you want without it impacting switch
performance.
Example
The following command activates the defense on ports 18 to 20:
set dos synflood port=18-20 state=enable