Manuals / Brands / Computer Equipment / Switch / ZyXEL Communications / Computer Equipment / Switch

ZyXEL Communications ES-1552, ZyXEL 52-port Web-managed Ethernet Switch Auto Denial of Service (DoS), 15.1 About Denial of Service Attacks, 15.1.1 DoS Attacks Summary

1 172

Download 172 pages, 4.78 Mb

15

Auto Denial of Service (DoS)

This chapter shows you how to configure automatic Denial of Service prevention on the switch.

15.1 About Denial of Service Attacks

Denial of Service (DoS) attacks try to disable a device or network so users no longer have access to network resources. The switch has features which automatically detect and thwart currently known DoS attacks.

15.1.1 DoS Attacks Summary

The following table summarizes the types of attacks the switch can prevent.

Table 29 DoS Attack Summary

ATTACK	DESCRIPTION
Land Attacks	These attacks result from sending a specially crafted packet to a machine
	where the source host IP address is the same as the destination host IP
	address. The system attempts to reply to itself, resulting in system lockup.

Blat Attacks	These attacks result from sending a specially crafted packet to a machine
	where the source host port is the same as the destination host port. The
	system attempts to reply to itself, resulting in system lockup.

SYNFIN scans	SYNchronization (SYN), ACKnowledgment (ACK) and FINish (FIN)
	packets are used to initiate, acknowledge and conclude TCP/IP
	communication sessions. The following scans exploit weaknesses in the
	TCP/IP specification and try to illicit a response from a host to identify ports
	for an attack:
	Scan SYNFIN - SYN and FIN bits are set in the packet.
	Xmascan - TCP sequence number is zero and the FIN, URG and PSH bits
	are set.
	NULL Scan - TCP sequence number is zero and all control bits are zeroes.
	SYN with port < 1024 - SYN packets with source port less than 1024.

Smurf Attacks	This attack uses Internet Control Message Protocol (ICMP) echo requests
	packets (pings) to cause network congestion or outages.

Ping Flooding	This attack floods the target network with ICMP packets.

SYN/SYN-ACK Flooding	This attack floods the target network with SYN or SYN/ACK packets.

	89
ES-1552 User’s Guide	89

Contents

www.zyxel.com Page About This User's Guide Document Conventions Icons Used in Figures Safety Warnings Page Page Contents Overview Page Table of Contents Part II: Basic & Advanced Settings Page Auto Denial of Service (DoS) Auto VoIP Part III: Management and Troubleshooting RMON-Lite Part IV: Appendices and Index List of Figures Page Page Page List of Tables Page Page Page PART Introduction and Hardware Overview Page Getting to Know Your Switch 1.1 Introduction 1.1.1 Backbone Application 1.1.2 Bridging Example 1.1.3 High Performance Switching Example 1.1.4 IEEE 802.1Q VLAN Application Examples Page Hardware Installation and Connection 2.1 Freestanding Installation 2.2 Mounting the Switch on a Rack 2.2.1Rack-mountedInstallation Requirements 2.2.2Attaching the Mounting Brackets to the Switch 2.2.3Mounting the Switch on a Rack Page Hardware Overview 3.1 Panel Connections and the RESET Button 3.1.1 Ethernet Ports 3.1.2Mini-GBICSlots 3.2 The RESET Button 3.3Rear Panel 3.3.1 Power Connector 3.4 LEDs Page Page Basic & Advanced Settings Page The Web Configurator 4.1 Introduction 4.2System Login 4.3The Status Screen 4.3.1 The LED Panel 4.3.2 The Navigation Panel 4.3.3 Change Your Password 4.4 Saving Your Configuration 4.5 Switch Lockout 4.6Resetting the Switch 4.7 Logging Out of the Web Configurator 4.8 Help System 5.1 System Screen 5.1.1 Configure IP Address 5.1.2 Layer 2 (L2) Table Aging 5.1.3 Backup Settings 5.1.4Restore Settings 5.2 System: Change Password 5.3 Firmware Upgrade 5.3.1 System: Restart/Reset Page Port Settings 6.1 Port Status 6.2 Port Configuration Page Page System and Port Statistics 7.1 Overview 7.2 Statistics Summary 7.3 Port Statistics Page Page VLAN 8.1 Introduction to IEEE 802.1Q Tagged VLANs 8.1.1 Forwarding Tagged and Untagged Frames 8.2 Static VLAN 8.2.1 IEEE 802.1Q VLAN Screen 8.2.2 Create IEEE 802.1Q VLAN Screen 8.2.3 Edit IEEE 802.1Q VLAN Screen Page Trunking 9.1 Trunking Overview 9.1.1 Distribution Criterion 9.2 Trunk Setting Screen Page Mirroring 10.1 Port Mirroring Settings Page QoS 11.1 QoS Overview 11.1.1 Weighted Round Robin (WRR) 11.1.2 Strict Priority 11.2 QoS Enhancement 11.3Configuring QoS 11.3.1 Change Number of Queues 11.4 Advanced QoS Settings 11.4.1Port Based QoS 11.4.2 DSCP Based QoS 11.4.3 Differentiated Services Code Point (DSCP) Overview 11.4.4 DSCP Based QoS Screen 11.4.5 ToS Based QoS 11.4.6 IP Address Based QoS Page Port Rate Limit and Storm Control 12.1 Port Rate Screen 12.1.1 Rate Limit Screen 12.1.2 Broadcast Storm Control Setup Page Layer 2 (L2) Management 13.1 Configuring L2 Management 13.1.1 Add a Static MAC Address Entry 13.2 Viewing the L2 Address Table Page Page Cable Diagnostics 14.1 Diagnostics Overview Page Auto Denial of Service (DoS) 15.1 About Denial of Service Attacks 15.1.1 DoS Attacks Summary 15.2 Global Auto DoS Attack Prevention 15.3 Advanced Auto DoS Attack Prevention Page Page Auto VoIP 16.1 About Auto VoIP 16.2Auto VoIP Settings Page ART Management and Troubleshooting Page Event Logging 17.1 Event Logging Overview 17.2 Logging Screen 17.3 Logging: Add Server 17.4 Viewing RAM and Flash Logs RAM Logs Flash Logs Logs - RAM or Logs - Flash 17.5 Searching RAM and Flash Logs Page 17.5.1 Search Results Page Page SNMP 18.1 About SNMP 18.1.1 Supported MIBs 18.1.2SNMP Traps 18.1.3 SNMP v3 and Authentication 18.1.4SNMP EngineID 18.2 SNMP Group 18.2.1 SNMP Group: Create 18.2.2 SNMP Group: Modify 18.3 SNMP User 18.3.1 SNMP User: Create 18.3.2 SNMP User: Modify 18.4 SNMP Community 18.4.1 SNMP Community: Create 18.4.2 SNMP Community: Modify 18.5 SNMP Notification 18.6 SNMP Trap Station 18.6.1 SNMP Trap Station: Create 18.6.2 SNMP Trap Station: Modify Page RMON-Lite 19.1 RMON-LiteOverview 19.2 RMON Statistics: Overview Page 19.3 RMON-LiteStatistics: Port 19.4 RMON-LiteHistory MIB 19.4.1RMON History Control: Overview 19.4.2 RMON History Control: Modify 19.4.3 RMON History Statistics: Overview 19.4.4 RMON History Statistics: Control Page 19.5 RMON Alarm: Overview 19.5.1 RMON Alarm: Create New Alarm RMON Alarm: Modify RMON Alarm: Create New Alarm 19.6 RMON Event: Overview 19.6.1 RMON Event: Create New Event RMON Event: Modify Event: Create 19.7 RMON Event Log: Overview 19.7.1 RMON Event Log: Event Page Page Dynamic ARP 20.1 ARP Table Overview 20.1.1 ARP Table Entries 20.1.2How Dynamic ARP Works 20.2 Enabling Dynamic ARP Table 66 ARP Table 20.3 Viewing ARP Table Entries 20.4 Adding ARP Table Entries Table 68 ARP Table Troubleshooting 21.1 Problems Starting Up the Switch 21.2 Problems Accessing the Switch 21.2.1 Pop-upWindows, JavaScripts and Java Permissions 21.2.1.1Internet Explorer Pop-upBlockers Tools Pop-up Blocker Turn Off 2Select Settings…to open the Pop-upBlocker Settings screen Allowed sites Close 21.2.1.2JavaScripts Security Custom Level Scripting Active scripting 21.2.1.3 Java Permissions Microsoft VM Java permissions 2make sure that Use Java 2 for <applet> under Java (Sun) is selected Page Appendices and Index Page Product Specifications Page Page Page IP Addresses and Subnetting Introduction to IP Addresses Structure Subnet Masks Network Size Notation Subnetting Example: Four Subnets Example: Eight Subnets Subnet Planning Configuring IP Addresses Private IP Addresses Legal Information Copyright Certifications ZyXEL Limited Warranty Note Registration Page Customer Support Denmark Finland France Germany Hungary North America Norway Poland Russia Spain Sweden Ukraine United Kingdom Index