Dos attack protection, Supported dos protection features, Smurf attacks – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 323: Supported dos protection features smurf attacks
DoS Attack Protection
Supported DoS protection features
Lists DoS protection features supported on FastIron devices.
The following table lists individual Brocade switches and the DoS protection features they support.
These features are supported in the Layer 2, base Layer 3, edge Layer 3, and full Layer 3 software
images, except where noted.
Feature
ICX 6430
ICX 6450
FCX
ICX 6610
ICX 6650
FSX 800
FSX 1600
ICX 7750
Smurf attack (ICMP attack) protection
08.0.01
08.0.01
08.0.01
08.0.01
08.0.01
08.0.01
08.0.10
TCP SYN attack protection
08.0.01
08.0.01
08.0.01
08.0.01
08.0.01
08.0.01
08.0.10
This chapter explains how to protect your Brocade devices from Denial of Service (DoS) attacks.
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal
operation. Brocade devices include measures for defending against two types of DoS attacks Smurf
attacks and TCP SYN attacks.
Smurf attacks
A Smurf attack is a kind of DoS attack in which an attacker causes a victim to be flooded with Internet
Control Message Protocol (ICMP) echo (Ping) replies sent from another network. The following figure
illustrates how a Smurf attack works.
FastIron Ethernet Switch Security Configuration Guide
323
53-1003088-03