Protecting against denial of service attacks, Protecting against smurf attacks, Chapter 9 – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 345: Chapter
Multi-Service IronWare Security Configuration Guide
327
53-1003035-02
Chapter
9
Protecting against Denial of Service Attacks
displays the individual devices and the Denial of Service (DoS) attack features they
support.
In a DoS attack, a router is flooded with useless packets for the purpose of slowing down or
stopping normal operation. Brocade devices include measures to defend against two types of DoS
attacks: Smurf attacks and TCP SYN attacks.
Protecting against smurf attacks
A smurf attack is a kind of DoS attack where an attacker causes a victim to be flooded with ICMP
echo (pPing) replies sent from another network.
illustrates how a smurf attack works.
FIGURE 9
How a smurf attack floods a victim with ICMP replies
TABLE 54
Supported DoS features
Features
supported
Brocade
NetIron XMR
Series
Brocade
MLX Series
Brocade
NetIron CES
2000 Series
BASE
package
Brocade
NetIron CES
2000 Series
ME_PREM
package
Brocade
NetIron CES
2000 Series
L3_PREM
package
Brocade
NetIron CER
2000 Series
Base
package
Brocade
NetIron CER
2000 Series
Advanced
Services
package
Denial of
Service
(DoS)
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Protection
Against
smurf
Attacks
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Protection
Against TCP
SYN Attacks
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Protection
Against TCP
Reset
Attacks
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Protecting
against UDP
attacks
Yes
Yes
Yes
Yes
Yes
Yes
Yes