T2600G/Security/DOS Defend: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
|||
| Zeile 1: | Zeile 1: | ||
The DoS (Denial of Service) defend feature provides protection against DoS attacks. With DoS Defend, the switch can analyze specific fields of the IP packets, distinguish the malicious DoS attack packets and discard them directly. In addition, DoS Defend can limit the transmission rate of legal packets. | The DoS (Denial of Service) defend feature provides protection against DoS attacks. | ||
* With DoS Defend, the switch can analyze specific fields of the IP packets, distinguish the malicious DoS attack packets and discard them directly. | |||
* In addition, DoS Defend can limit the transmission rate of legal packets. | |||
== DoS Defend == | == DoS Defend == | ||
{| class="wikitable sortable options" | |||
|- | |||
! Option!!Beschreibung | |||
|- | |||
| DoS Protection || Enable or disable DoS Protection. | |||
|} | |||
=== DoS Defend Setting === | === DoS Defend Setting === | ||
Here you can enable the related Defend Types. | Here you can enable the related Defend Types. | ||
{| class="wikitable sortable options" | |||
|- | |||
! Option!!Beschreibung | |||
|- | |||
| Land Attack || The attacker sends a specific fake SYN (synchronous) packet to the destination host. Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host, the host will be trapped in an endless loop of building the initial connection. | |||
|- | |||
| SYNFIN Scan || The attacker sends a packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. | |||
|- | |||
| Xma Scan || The attacker sends an illegal packet with its TCP index, FIN, URG and PSH field set to 1. | |||
|- | |||
| Null Scan || The attacker sends an illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all control fields set to 0 are considered illegal. | |||
|- | |||
| SYN sPort Less 1024 || The attacker sends an illegal packet with its TCP SYN field set to 1 and source port smaller than 1024. | |||
|- | |||
| Blat Attack || The attacker sends an illegal packet with the same source port and destination port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the system performance of the attacked host is reduced because the Host circularly attempts to build a connection with the attacker. | |||
|- | |||
| Ping Flooding || The attacker floods the destination system with Ping packets, creating a broadcast storm that makes it impossible for the system to respond to legal communication. | |||
|- | |||
| SYN/SYN-ACK Flooding || The attacker uses a fake IP address to send TCP request packets to the server. Upon receiving the request packets, the server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The server will keep on sending SYN-ACK packets. If the attacker sends overflowing fake request packets, the network resource will be occupied maliciously and the requests of the legal clients will be denied. | |||
|- | |||
| WinNuke Attack || Since Operation Systems with bugs cannot correctly process the URG (Urgent Pointer) of TCP packets, the attacker sends this type of packets to the TCP port139 (NetBIOS) of the host with the Operation System bugs, which will cause the host with a blue screen. | |||
|- | |||
| Ping of Death || Ping of Death attack means that the attacker sends abnormal ping packets larger than 65535 bytes to cause system crash on the target computer. | |||
|- | |||
| Smurf Attack || Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim’s computer will be flooded with traffic. | |||
|} | |||
[[Kategorie:T2600G:Security]] | [[Kategorie:T2600G:Security]] | ||
Version vom 31. Dezember 2022, 13:01 Uhr
The DoS (Denial of Service) defend feature provides protection against DoS attacks.
- With DoS Defend, the switch can analyze specific fields of the IP packets, distinguish the malicious DoS attack packets and discard them directly.
- In addition, DoS Defend can limit the transmission rate of legal packets.
DoS Defend
| Option | Beschreibung |
|---|---|
| DoS Protection | Enable or disable DoS Protection. |
DoS Defend Setting
Here you can enable the related Defend Types.
| Option | Beschreibung |
|---|---|
| Land Attack | The attacker sends a specific fake SYN (synchronous) packet to the destination host. Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host, the host will be trapped in an endless loop of building the initial connection. |
| SYNFIN Scan | The attacker sends a packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. |
| Xma Scan | The attacker sends an illegal packet with its TCP index, FIN, URG and PSH field set to 1. |
| Null Scan | The attacker sends an illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all control fields set to 0 are considered illegal. |
| SYN sPort Less 1024 | The attacker sends an illegal packet with its TCP SYN field set to 1 and source port smaller than 1024. |
| Blat Attack | The attacker sends an illegal packet with the same source port and destination port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the system performance of the attacked host is reduced because the Host circularly attempts to build a connection with the attacker. |
| Ping Flooding | The attacker floods the destination system with Ping packets, creating a broadcast storm that makes it impossible for the system to respond to legal communication. |
| SYN/SYN-ACK Flooding | The attacker uses a fake IP address to send TCP request packets to the server. Upon receiving the request packets, the server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The server will keep on sending SYN-ACK packets. If the attacker sends overflowing fake request packets, the network resource will be occupied maliciously and the requests of the legal clients will be denied. |
| WinNuke Attack | Since Operation Systems with bugs cannot correctly process the URG (Urgent Pointer) of TCP packets, the attacker sends this type of packets to the TCP port139 (NetBIOS) of the host with the Operation System bugs, which will cause the host with a blue screen. |
| Ping of Death | Ping of Death attack means that the attacker sends abnormal ping packets larger than 65535 bytes to cause system crash on the target computer. |
| Smurf Attack | Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim’s computer will be flooded with traffic. |