Dos ipoptions – Allied Telesis AT-DC2552XS User Manual

Page 526

Chapter 22: DoS Defense Commands

Section V: Security and Traffic Control

DOS IPOPTIONS

Syntax

dos ipoptions action

action

Parameter

action

Specifies an action. The only action is “shutdown.” The switch
temporarily shuts down the specified port for one minute when a
DoS IP options attack is detected.

Mode

Port Interface mode

Description

Use this command to enable the defense against DoS IP options attacks.
In DoS IP options attacks, attackers send large streams of packets with IP
options to target networks and make network resources unavailable to
legitimate traffic.

When the DoS IP options defense is enabled on a port, the switch counts
the number of ingress IP packets containing IP options received on the
port. If the number exceeds 20 packets per second, the switch temporarily
shuts down the port for one minute. The port is enabled automatically after
one minute passes. To enable a shut down port manually, use the NO
SHUTDOWN command. See “NO SHUTDOWN” on page 254.
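
The following is an added illustration, not code from the manual or from Allied Telesis: a small Python model of the behavior described above, treating an IPv4 packet as "containing IP options" when its header length field (IHL) is greater than 5. The fixed one-second counting windows, the handling of the packet that trips the threshold, and the names PortGuard, ipv4_header and simulate are assumptions made for the example; the sample packets are constructed.

```python
import struct

THRESHOLD_PPS = 20   # from the manual: more than 20 packets per second trips the defense
SHUTDOWN_SECS = 60   # from the manual: the port stays shut down for one minute

def has_ip_options(packet: bytes) -> bool:
    """True if an IPv4 header carries options (IHL greater than 5 words)."""
    if len(packet) < 20:
        return False
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    return version == 4 and ihl > 5 and len(packet) >= ihl * 4

class PortGuard:
    """Model of one port; fixed 1-second windows are an assumption."""
    def __init__(self):
        self.window, self.count = None, 0  # second being counted, packets seen in it
        self.down_until = 0.0              # port is shut while now < down_until
        self.shutdowns = []                # times at which the port was shut down

    def ingress(self, now: float, packet: bytes) -> bool:
        """Handle one ingress packet; False means the port is (or just went) down."""
        if now < self.down_until:
            return False
        if has_ip_options(packet):
            if int(now) != self.window:
                self.window, self.count = int(now), 0
            self.count += 1
            if self.count > THRESHOLD_PPS:
                self.down_until = now + SHUTDOWN_SECS
                self.shutdowns.append(now)
                self.count = 0
                return False
        return True

def ipv4_header(options: bytes = b"") -> bytes:
    """Constructed IPv4 header for the demo (checksum left at 0)."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 17, 0, bytes([192, 0, 2, 1]),
                       bytes([192, 0, 2, 2])) + options

def simulate():
    guard = PortGuard()
    plain, with_opts = ipv4_header(), ipv4_header(b"\x01\x01\x01\x00")  # NOP x3, EOL
    # Constructed traffic: 100 option-free packets, then 25 with options inside 1 s.
    plain_ok = all(guard.ingress(10 + i / 100, plain) for i in range(100))
    results = [guard.ingress(20 + i / 25, with_opts) for i in range(25)]
    after_recovery = guard.ingress(guard.down_until, plain)  # one minute later
    return plain_ok, results, guard.shutdowns, after_recovery
```

In this model, option-free traffic never counts toward the threshold regardless of rate, while the 21st packet with options in a second shuts the port, so legitimate traffic on that port is also dropped until the minute passes.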

You can enable the DoS IP options defense on a per port basis. However,
you cannot specify static or dynamic trunk groups, represented by “saX”
and “poX” respectively, or ports that belong to a trunk.

The DoS IP options defense consumes 1 unit per port out of 256 resource
units that are allocated to DoS defense on the switching chip that resides
on the switch.

Confirmation Command

“SHOW DOS INTERFACE” on page 544