Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

IPv4 Software Access Control List (ACL) Commands

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

| Type of DoS attack | Description |
|---|---|
| synflood | In this type of attack, an attacker, seeking to overwhelm a victim with TCP connection requests, sends a large number of TCP SYN packets with bogus source addresses to the victim. The victim responds with SYN ACK packets, but since the original source addresses are bogus, the victim node does not receive any replies. If the attacker sends enough requests in a short enough period, the victim may freeze operations once the requests exceed the capacity of its connections queue. To defend against this form of attack, a switch port monitors the number of ingress TCP-SYN packets it receives. An attack is recorded if a port receives more than 60 TCP-SYN packets per second. |
| teardrop | In this DoS attack, an attacker sends a victim a packet in several fragments, one of which carries a bogus offset value (the value used to reconstruct the packet). This results in the victim being unable to reassemble the packet, possibly causing it to freeze operations. |

Examples

To configure smurf DoS detection on port1.0.1, and shut down the interface if an attack is detected, use the commands:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# dos smurf broadcast 192.168.1.0 action shutdown

To configure land DoS detection on port1.0.1, and shut down the interface if an attack is detected, use the commands:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# dos land action shutdown

To configure ipoptions DoS detection on port1.0.1, and shut down the interface if an attack is detected, use the commands:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# dos ipoptions action shutdown

To configure ping-of-death DoS detection on port1.0.1, and shut down the interface if an attack is detected, use the commands:

awplus# configure terminal
awplus(config)# interface port1.0.1
awplus(config-if)# dos ping-of-death action shutdown
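An added example, not taken from the Allied Telesis manual: a Python check that reads saved configuration text and lists switch ports where the DoS detections shown above are missing or use an action other than shutdown. The configuration layout (indented lines under each `interface` line, `!` separators), the sample text, the `trap` action and the function names are assumptions.

```python
import re

PAGE_TYPES = ("smurf", "land", "ipoptions", "ping-of-death")  # forms shown above
IFACE_RE = re.compile(r"^interface\s+(\S+)")
# "dos <type> [arguments] action <action>", e.g. smurf's "broadcast <address>".
DOS_RE = re.compile(r"^\s+dos\s+(\S+)\s+(?:.*\s)?action\s+(\S+)\s*$")
# Constructed sample; the layout and the "trap" action are assumptions.
SAMPLE = """\
interface port1.0.1
 dos smurf broadcast 192.168.1.0 action shutdown
 dos land action shutdown
 dos ipoptions action shutdown
 dos ping-of-death action shutdown
!
interface port1.0.2
 dos land action trap
!
interface vlan1
"""

def parse_dos(config_text):
    """Return {interface: {dos_type: action}} from configuration text."""
    result, current = {}, None
    for line in config_text.splitlines():
        iface = IFACE_RE.match(line)
        dos = DOS_RE.match(line)
        if iface:
            current = result.setdefault(iface.group(1), {})
        elif line and not line[0].isspace():
            current = None  # "!" or any other top-level line ends the stanza
        elif dos and current is not None:
            current[dos.group(1)] = dos.group(2)
    return result

def audit(config_text, required=PAGE_TYPES, want_action="shutdown"):
    """Return (interface, dos_type, problem) for each deviating switch port."""
    findings = []
    for iface, dos in sorted(parse_dos(config_text).items()):
        if not iface.startswith("port"):
            continue  # VLAN and other non-port interfaces are out of scope
        for dos_type in required:
            if dos_type not in dos:
                findings.append((iface, dos_type, "not configured"))
            elif dos[dos_type] != want_action:
                findings.append((iface, dos_type, "action is " + dos[dos_type]))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```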