Dos teardrop – Allied Telesis AT-DC2552XS User Manual

Chapter 22: DoS Defense Commands

536

Section V: Security and Traffic Control

DOS TEARDROP

Syntax

dos teardrop action

Parameter

action

Specifies an action. The only action is “shutdown.” The switch
temporarily shuts down the specified port for one minute when a
DoS Teardrop attack is detected.

Mode

Port Interface mode

Description

Use this command to enable the defense against DoS Teardrop attacks.
In DoS Teardrop attacks, attackers send IP fragment packets that contain
invalid overlapping values in the fragment offset field. When destination
hosts attempt to reassemble the packets, the hosts may crash.

When the DoS Teardrop defense is enabled on a port, the switch
temporarily shuts down the port for one minute if the port receives a
fragmented packet with an invalid fragment offset value. The port is
enabled automatically after one minute passes. To enable a shut-down
port manually, use the NO SHUTDOWN command. See “NO
SHUTDOWN” on page 254.

You can enable the DoS Teardrop defense on a per port basis. However,
you cannot specify static or dynamic trunk groups, represented by “saX”
and “poX” respectively, or ports that belong to a trunk.

The DoS Teardrop defense consumes 1 unit per port out of 256 resource
units that are allocated to the DoS defense on the switching chip that
resides on the switch.
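To make the detection condition concrete, the following is an added software model of the Teardrop check the description above attributes to the switch; it is example code written for this page, not Allied Telesis firmware, and it does not reproduce the switching chip's actual logic. It parses IPv4 headers, groups fragments by (source, destination, identification, protocol), and flags a fragment whose byte range overlaps one already seen for the same datagram or runs past the 65535-byte datagram limit. The fragments it checks are constructed inline, and the one-minute port hold time is modelled only as a verdict, not a timer.

```python
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535          # largest IPv4 total length a fragment may end at
SHUTDOWN_SECONDS = 60         # the manual's one-minute port shutdown (modelled, not timed here)


def parse_ipv4_header(packet: bytes) -> dict:
    """Extract the IPv4 fields needed for fragment sanity checks."""
    if len(packet) < 20:
        raise ValueError("packet too short for an IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "src": src, "dst": dst, "ident": ident, "proto": proto,
        "mf": bool(flags_frag & 0x2000),            # More Fragments flag
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset field is in 8-byte units
        "payload_len": total_len - ihl,
    }


class TeardropDetector:
    """Tracks accepted fragment byte ranges per datagram and reports overlaps."""

    def __init__(self):
        # key -> list of (start, end) byte ranges already accepted for that datagram
        self.seen = defaultdict(list)

    def observe(self, packet: bytes) -> bool:
        """Return True if this fragment carries an invalid (overlapping or oversized) offset."""
        h = parse_ipv4_header(packet)
        if not h["mf"] and h["frag_offset"] == 0:
            return False                              # unfragmented datagram: nothing to check
        key = (h["src"], h["dst"], h["ident"], h["proto"])
        start = h["frag_offset"]
        end = start + h["payload_len"]
        if end > MAX_DATAGRAM:
            return True                               # offset pushes data past the datagram limit
        for s, e in self.seen[key]:
            if start < e and s < end:                 # byte ranges intersect: Teardrop-style overlap
                return True
        self.seen[key].append((start, end))
        return False


def scan_port(packets):
    """Model the port-level reaction: ("shutdown", index of offending packet) or ("forward", None)."""
    detector = TeardropDetector()
    for i, pkt in enumerate(packets):
        if detector.observe(pkt):
            return ("shutdown", i)
    return ("forward", None)


def build_fragment(ident, offset, payload_len, more_fragments,
                   src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Construct a minimal IPv4/UDP fragment for testing (sample data, not captured traffic)."""
    if offset % 8:
        raise ValueError("fragment offset must be a multiple of 8")
    flags_frag = (0x2000 if more_fragments else 0) | (offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                         flags_frag, 64, 17, 0, src, dst)
    return header + b"\x00" * payload_len


if __name__ == "__main__":
    # A well-formed two-fragment datagram followed by a classic Teardrop pair (constructed).
    normal = [build_fragment(1, 0, 1480, True), build_fragment(1, 1480, 100, False)]
    teardrop = [build_fragment(2, 0, 36, True), build_fragment(2, 24, 4, False)]
    print("normal  :", scan_port(normal))
    print("teardrop:", scan_port(teardrop))
```

The check is deliberately broader than the single offset comparison the description names: any overlap between fragments of one datagram, not just the second fragment landing inside the first, is treated as invalid, and fragments of different datagrams never interfere with each other because the key includes the identification field.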

Confirmation Command

“SHOW DOS INTERFACE” on page 544