Dos ping-of-death – Allied Telesis AT-DC2552XS User Manual
Page 530

Chapter 22: DoS Defense Commands
Section V: Security and Traffic Control
DOS PING-OF-DEATH
Syntax
dos ping-of-death action
Parameter
action
Specifies an action. The only action is “shutdown.” The switch
temporarily shuts down the specified port for one minute when a
DoS ping-of-death attack is detected.
Mode
Port Interface mode
Description
Use this command to enable the defense against DoS ping-of-death
attacks. In DoS ping-of-death attacks, attackers send fragmented packets
that are greater than 65,565 bytes when they are reconstructed. Host
machines that receive oversized IP packets may crash or be forced to
reboot.
When the DoS ping-of-death defense is enabled on a port, the switch
temporarily shuts down the port for one minute if the port receives a
fragmented ICMP ECHO packet that belongs to a datagram larger than
65,447 bytes once its fragments are reassembled. The size that the switch
compares against the 65,447-byte threshold excludes the IP header and
the ICMP header.
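As an added illustration of the check described above (not code from the manual or from Allied Telesis), the following Python models the threshold test: it tracks how far each fragmented ICMP ECHO datagram reaches on a port, subtracts the ICMP header, and shuts the port for one minute once the size exceeds 65,447 bytes. The Fragment and PingOfDeathGuard names, the sample traffic, and the assumption that the check fires from fragment offsets without full reassembly are mine.

```python
from dataclasses import dataclass, field

ICMP_HEADER_LEN = 8    # ICMP echo header, carried in the first fragment only
THRESHOLD = 65447      # reassembled size excluding IP and ICMP headers (per the manual)
SHUTDOWN_SECONDS = 60  # the manual's one-minute port shutdown

@dataclass
class Fragment:
    """One IPv4 fragment of an ICMP ECHO datagram (constructed test input)."""
    port: str            # ingress switch port
    ip_id: int           # IP identification field shared by all fragments
    offset: int          # fragment offset in 8-byte units, as carried in the IP header
    ip_payload_len: int  # bytes following the IP header in this fragment

@dataclass
class PingOfDeathGuard:
    # (port, ip_id) -> highest byte reached so far in the reassembled IP payload
    reach: dict = field(default_factory=dict)
    shut_until: dict = field(default_factory=dict)  # port -> time the port re-enables

    def icmp_payload_size(self, port, ip_id):
        # Reassembled IP payload minus the ICMP header: the size the switch compares.
        return self.reach[(port, ip_id)] - ICMP_HEADER_LEN

    def observe(self, frag, now):
        """Return True if this fragment triggers the shutdown action on frag.port."""
        if frag.port in self.shut_until and now < self.shut_until[frag.port]:
            return False  # port is already shut down; nothing is forwarded
        key = (frag.port, frag.ip_id)
        end = frag.offset * 8 + frag.ip_payload_len   # assumption: judge from offsets, no reassembly
        self.reach[key] = max(self.reach.get(key, 0), end)
        if self.icmp_payload_size(*key) > THRESHOLD:
            self.shut_until[frag.port] = now + SHUTDOWN_SECONDS
            return True
        return False

def run_sample():
    """Constructed traffic: an ordinary ping and an oversized fragmented echo request."""
    guard, events = PingOfDeathGuard(), []
    traffic = [
        (0, Fragment("port1.0.1", 0x1001, 0, 1480)),    # ordinary echo: 1472 bytes of data
        (1, Fragment("port1.0.2", 0x2002, 0, 1480)),    # first fragment of the oversized echo
        (1, Fragment("port1.0.2", 0x2002, 8185, 100)),  # bytes 65480..65580 -> over the threshold
        (2, Fragment("port1.0.2", 0x2002, 185, 1480)),  # arrives while the port is shut down
    ]
    for now, frag in traffic:
        if guard.observe(frag, now):
            events.append((now, frag.port))
    return guard, events
```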
To re-enable a port that has been shut down, use the NO SHUTDOWN
command. See “NO SHUTDOWN” on page 254.
You can enable the DoS ping-of-death defense on a per port basis.
However, you cannot specify static or dynamic trunk groups, represented
by “saX” and “poX” respectively, or ports that belong to a trunk.
The DoS ping-of-death defense consumes 1 unit per port out of the 256
resource units that are allocated to the DoS defenses on the switching chip
that resides on the switch.
Confirmation Command