Set dos smurf – Allied Telesis AT-S63 User Manual
Page 448

Chapter 23: Denial of Service Defense Commands
448
Section II: Advanced Operations
SET DOS SMURF
Syntax
set dos smurf port=
port
state=enable|disable
Parameters
port
Specifies the switch ports on which you want to enable
or disable SMURF defense. You can select more than 
one port at a time.
state
Specifies the state of the SMURF defense. The options
are:
enable
Activates the defense.
disable
Deactivates the defense. This is the default.
Description
This command activates and deactivates the SMURF DoS defense.
This DoS attack is instigated by an attacker sending a Ping request 
containing a broadcast address as the destination address and the 
address of the victim as the source of the Ping. This overwhelms the 
victim with a large number of Ping replies from other network nodes.
A switch port defends against this form of attack by examining the 
destination addresses of ingress Ping packets and discarding those that 
contain a broadcast address as a destination address. 
To implement this defense, you need to specify the IP address of any 
device on your network, preferably the lowest IP address, and a mask 
using “SET DOS” on page 442. The switch uses the combination of the 
two to determine your network’s broadcast address. Any ingress Ping 
packets containing the broadcast address are discarded.
This defense mechanism does not involve the switch’s CPU. You can 
activate it on as many ports as you want without having it negatively 
impact switch performance.
Example
The following command activates this defense on port 17:
set dos smurf port=17 state=enable
