Ip source guard, Figure 204: protecting against dos attacks, Ip s – LevelOne GTL-2691 User Manual
Page 391
C
HAPTER
13
| Security Measures
IP Source Guard
– 391 –
◆
TCP Scan – Configures the switch to protect against the types of DoS
attacks described below. (Default: Disabled)
■
DoS TCP-null-scan attacks – A TCP NULL scan message is used to
identify listening TCP ports. The scan uses a series of strangely
configured TCP packets which contain a sequence number of 0 and
no flags. If the target's TCP port is closed, the target replies with a
TCP RST (reset) packet. If the target TCP port is open, it simply
discards the TCP NULL scan.
■
DoS TCP-SYN/FIN-scan attacks – A TCP SYN/FIN scan message is
used to identify listening TCP ports. The scan uses a series of
strangely configured TCP packets which contain SYN (synchronize)
and FIN (finish) flags. If the target's TCP port is closed, the target
replies with a TCP RST (reset) packet. If the target TCP port is open,
it simply discards the TCP SYN FIN scan.
■
DoS TCP-xmas-scan attacks – A so-called TCP XMAS scan message
is used to identify listening TCP ports. This scan uses a series of
strangely configured TCP packets which contain a sequence number
of 0 and the URG, PSH and FIN flags. If the target's TCP port is
closed, the target replies with a TCP RST packet. If the target TCP
port is open, it simply discards the TCP XMAS scan.
W
EB
I
NTERFACE
To protect against DoS attacks:
1.
Click Security, DoS Protection.
2.
Enable protection for LAND attacks or TCP Scan attacks.
3.
Click Apply
Figure 204: Protecting Against DoS Attacks
IP S
OURCE
G
UARD
IP Source Guard is a security feature that filters IP traffic on network
interfaces based on manually configured entries in the IP Source Guard
table, or dynamic entries in the DHCP Snooping table when enabled (see
). IP source guard can be used to prevent
traffic attacks caused when a host tries to use the IP address of a neighbor
to access the network. This section describes how to use IP Source Guard.