Switching Commands
213
ProSafe Managed Switch
This section describes the commands you use to configure Denial of Service (DoS) Control.
The software provides support for classifying and blocking specific types of Denial of Service
attacks. You can configure your system to monitor and block these types of attacks:
SIP=DIP: Source IP address = Destination IP address.
First Fragment: TCP Header size smaller then configured value.
TCP Fragment: IP Fragment Offset = 1.
TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP
Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence
Number = 0 or TCP Flags SYN and FIN set.
L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.
ICMP: Limiting the size of ICMP Ping packets.
SMAC = DMAC: Source MAC address = Destination MAC address.
TCP Port: Source TCP Port = Destination TCP Port.
UDP Port: Source UDP Port = Destination UDP Port.
TCP Flag & Sequence: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags
= 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP
Sequence Number = 0 or TCP Flags SYN and FIN set.
TCP Offset: TCP Header Offset = 1.
TCP SYN: TCP Flag SYN set.
TCP SYN & FIN: TCP Flags SYN and FIN set.
TCP FIN & URG & PSH: TCP Flags FIN and URG and PSH set and TCP Sequence
Number = 0.
ICMP V6: Limiting the size of ICMPv6 Ping packets.
ICMP Fragment: Checks for fragmented ICMP packets.
dos-control all
This command enables Denial of Service protection checks globally.
Default
Format dos-control all
Mode
no dos-control all
This command disables Denial of Service prevention checks globally.
Format no dos-control all
Mode
disabled
Global Config
Global Config