XS712T Smart Switch

Denial of Service Min TCP Header Size: Specify the minimum TCP header size allowed. If DoS TCP Fragment is enabled, the switch will drop packets that have a TCP header smaller than the configured value.

Denial of Service ICMPv4: Enabling ICMPv4 DoS prevention causes the switch to drop ICMPv4 packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 Pkt Size. The factory default is disabled.

Denial of Service Max ICMPv4 Packet Size: Specify the maximum ICMPv4 packet size allowed. If ICMPv4 DoS prevention is enabled, the switch will drop IPv4 ICMP ping packets that have a size greater than the configured value.

Denial of Service ICMPv6: Enabling ICMPv6 DoS prevention causes the switch to drop ICMPv6 packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv6 Pkt Size.

Denial of Service Max ICMPv6 Packet Size: Specify the Max IPv6 ICMP packet size allowed. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured Max ICMPv6 Pkt Size.

Denial of Service First Fragment: Enabling First Fragment DoS prevention causes the switch to check DoS options on first fragment IP packets when switch are receiving fragmented IP packets. Otherwise, switch ignores the first fragment IP packages.

Denial of Service ICMP Fragment: Enabling ICMP Fragment DoS prevention causes the switch to drop ICMP Fragmented packets.

Denial of Service SIP=DIP: Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address.

Denial of Service SMAC=DMAC: Enabling SMAC=DMAC DoS prevention causes the switch to drop packets that have a source MAC address equal to the destination MAC address.

Denial of Service TCP FIN&URG&PSH: Enabling TCP FIN & URG & PSH DoS prevention causes the switch to drop packets that have TCP Flags FIN, URG, and PSH set and TCP Sequence Number equal to 0.

Denial of Service TCP Flag&Sequence: Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP control flags set to 0 and TCP sequence number set to 0.

Denial of Service TCP Fragment: Enabling TCP Fragment DoS prevention causes the switch to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size.

Denial of Service TCP Offset: Enabling TCP Offset DoS prevention causes the switch to drop packets that have a TCP header Offset set to 1.

Denial of Service TCP Port: Enabling TCP Port DoS prevention causes the switch to drop packets that have TCP source port equal to TCP destination port.

Denial of Service TCP SYN: Enabling TCP SYN DoS prevention causes the switch to drop packets that have TCP Flags SYN set.

Denial of Service TCP SYN&FIN: Enabling TCP SYN & FIN DoS prevention causes the switch to drop packets that have TCP Flags SYN and FIN set.

42

Page 41 Page 43
Page 42
Image 42
NETGEAR XS712T-100NES manual XS712T Smart Switch
Page 41 Page 43
Top Page Image Contents