IPv6 traffic not subject to DoS attack filtering – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Protecting against smurf attacks
The burst-max value can be from 1 – 100000.
The lockup value can be from 1 – 10000.
The number of incoming ICMP packets per second is measured and compared to the threshold
values, as follows:
• If the number of ICMP packets exceeds the burst-normal value, the excess ICMP packets are
dropped.
• If the number of ICMP packets exceeds the burst-max value, all ICMP packets are dropped for
the number of seconds specified by the lockup value. When the lockup period expires, the
packet counter is reset and measurement is restarted.
In this example, if the number of ICMP packets received per second exceeds 5,000, the excess
packets are dropped. If the number of ICMP packets received per second exceeds 10,000, the
device drops all ICMP packets for the next 300 seconds (five minutes).
When incoming ICMP packets exceed the burst-max value, the following message is logged.
SYSLOG: Jul 26 12:30:31:<13>Jul 26 12:30:31 AB-850 ICMP:Local ICMP exceeds 10 burst packets, stopping for 15 seconds!!
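The threshold behavior described above can be modeled per one-second interval. The following Python sketch is an added example, not code from the manual or from the device; the function names are hypothetical, and it assumes that in the second that crosses burst-max the first burst-normal packets were already accepted and that the lockup begins with the next second.

```python
from collections import namedtuple

# One measured second: packets received, accepted, dropped, and limiter state.
Interval = namedtuple("Interval", "second received accepted dropped state")

def simulate_icmp_limiter(counts, burst_normal, burst_max, lockup):
    """Apply burst-normal / burst-max / lockup to a list of per-second ICMP counts."""
    # Ranges as stated in the manual for burst-max and lockup.
    if not 1 <= burst_max <= 100000:
        raise ValueError("burst-max must be from 1 to 100000")
    if not 1 <= lockup <= 10000:
        raise ValueError("lockup must be from 1 to 10000")
    results, lock_left = [], 0
    for sec, received in enumerate(counts):
        if lock_left > 0:
            # Lockup period: every ICMP packet is dropped.
            lock_left -= 1
            results.append(Interval(sec, received, 0, received, "lockup"))
            continue
        # Outside lockup the counter starts fresh each second.
        accepted = min(received, burst_normal)  # assumption: see lead-in
        if received > burst_max:
            lock_left = lockup                  # drop everything for `lockup` seconds
            state = "lockup-start"
        elif received > burst_normal:
            state = "excess-dropped"
        else:
            state = "normal"
        results.append(Interval(sec, received, accepted, received - accepted, state))
    return results

def summarize(results):
    """Totals an operator would compare against interface counters."""
    return {
        "accepted": sum(r.accepted for r in results),
        "dropped": sum(r.dropped for r in results),
        "lockup_seconds": sum(1 for r in results if r.state == "lockup"),
    }

if __name__ == "__main__":
    # Constructed traffic: a ramp past both thresholds, then light traffic.
    traffic = [4000, 7000, 12000] + [100] * 300 + [100]
    run = simulate_icmp_limiter(traffic, burst_normal=5000, burst_max=10000, lockup=300)
    for row in run[:4] + run[-1:]:
        print(row)
    print(summarize(run))
```

Note that legitimate ICMP arriving during the lockup window is dropped as well, so the lockup value also sets how long diagnostics such as ping fail after a burst.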
IPv6 traffic not subject to DoS attack filtering
The following IPv6 traffic exceptions (per section 4.4 of RFC 4890) are not subject to DoS attack
filtering.
Error messages that are essential to the establishment and maintenance of communications:
• Destination unreachable (Type 1) - All codes
• Packet Too Big (Type 2)
• Time Exceeded (Type 3) - Code 0 only
• Parameter Problem (Type 4) - Codes 1 and 2 only
Address configuration and router selection messages:
• Router Solicitation (Type 133)
• Router Advertisement (Type 134)
• Neighbor Solicitation (Type 135)
• Neighbor Advertisement (Type 136)
• Redirect (Type 137)
• Inverse Neighbor Discovery Solicitation (Type 141)
• Inverse Neighbor Discovery Advertisement (Type 142)
Link-local multicast receiver notification messages:
• Listener Query (Type 130)
• Listener Report (Type 131)
• Listener Done (Type 132)
• Listener Report v2 (Type 143)