Set dos synflood – Allied Telesis AT-S63 User Manual
Page 337

AT-S63 Management Software Command Line Interface User’s Guide
Section II: Advanced Operations
SET DOS SYNFLOOD
Syntax
set dos synflood port=port state=enable|disable
Parameters
port
    Specifies the switch ports on which you want to enable or disable this DoS defense. You can select more than one port at a time.
state
    Specifies the state of the DoS defense. The options are:
    enable
        Activates the defense.
    disable
        Deactivates the defense. This is the default.
Description
This command activates and deactivates the SYN ACK Flood DoS defense.
In this type of attack, an attacker, seeking to overwhelm a victim with TCP connection requests, sends a large number of TCP SYN packets with bogus source addresses to the victim. The victim responds with SYN ACK packets, but since the original source addresses are bogus, the victim node does not receive any replies. If the attacker sends enough requests in a short enough period, the victim may freeze operations once the requests exceed the capacity of its connection queue.
To defend against this form of attack, a switch port monitors the number of ingress TCP-SYN packets it receives. If a port receives more than 60 TCP-SYN packets per second, the following occurs:
- The switch sends a trap to the management stations.
- The switch blocks all traffic on the port for one minute.
This defense mechanism does not involve the switch's CPU. You can activate it on as many ports as you want without it impacting switch performance.
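The following Python model is an added example and is not Allied Telesis code or part of this manual. It simulates the per-port behaviour described above (count ingress TCP-SYN packets per port per second; above 60 per second, send a trap and block all traffic on that port for one minute) so the threshold and block timing can be exercised against constructed traffic. The packet representation, the string form of the trap, the comma-separated port-list syntax and all function names are this example's own assumptions, not the switch's.

```python
"""Simulation of the SYN-flood defense described for 'set dos synflood'.

Added example, not the switch's firmware. Timestamps are seconds as floats,
a packet is identified only by ingress port and TCP flags, and a trap is
recorded as a string instead of an SNMP message (all assumptions).
"""
from collections import defaultdict

SYN_THRESHOLD_PER_SEC = 60   # manual: "more than 60 TCP-SYN packets per second"
BLOCK_SECONDS = 60           # manual: "blocks all traffic on the port for one minute"

TCP_SYN = 0x02
TCP_ACK = 0x10


def is_syn_request(tcp_flags):
    """A connection request is SYN set with ACK clear (SYN-ACK replies do not count)."""
    return bool(tcp_flags & TCP_SYN) and not (tcp_flags & TCP_ACK)


def parse_port_list(spec):
    """Expand a port argument such as '18-20' into a set of port numbers.
    Comma-separated entries ('18-20,24') are an assumption of this example."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-", 1))
            ports.update(range(lo, hi + 1))
        else:
            ports.add(int(item))
    return ports


class SynFloodDefense:
    def __init__(self, enabled_ports):
        self.enabled = set(enabled_ports)
        self.syn_counts = defaultdict(int)   # (port, whole second) -> SYN count
        self.blocked_until = {}              # port -> timestamp when the block ends
        self.traps = []                      # traps "sent" to management stations

    def ingress(self, port, ts, tcp_flags):
        """Process one ingress packet; return 'forward' or 'drop'."""
        # A blocked port drops all traffic, not only SYNs, until the minute expires.
        until = self.blocked_until.get(port)
        if until is not None and ts < until:
            return "drop"
        # Ports without the defense, and non-SYN packets, are not rate-counted.
        if port not in self.enabled or not is_syn_request(tcp_flags):
            return "forward"
        second = int(ts)
        self.syn_counts[(port, second)] += 1
        if self.syn_counts[(port, second)] > SYN_THRESHOLD_PER_SEC:
            # Threshold exceeded: trap once, then block the port for one minute.
            self.traps.append(f"trap: synflood detected on port {port} at t={second}s")
            self.blocked_until[port] = ts + BLOCK_SECONDS
            return "drop"
        return "forward"


def run_flood(defense, port, packets, start_ts=0.0, spacing=0.01):
    """Feed a constructed burst of SYN requests into one port; return a summary."""
    results = [defense.ingress(port, start_ts + i * spacing, TCP_SYN) for i in range(packets)]
    return {
        "forwarded": results.count("forward"),
        "dropped": results.count("drop"),
        "traps": len(defense.traps),
        "blocked": port in defense.blocked_until,
    }


if __name__ == "__main__":
    d = SynFloodDefense(parse_port_list("18-20"))
    print(run_flood(d, 18, 70))                  # 60 forwarded, 10 dropped, 1 trap
    print(d.ingress(18, 30.0, TCP_ACK))          # 'drop': whole port is blocked
    print(d.ingress(19, 30.0, TCP_SYN))          # 'forward': other ports unaffected
    print(d.ingress(18, 61.0, TCP_SYN))          # 'forward': block expired after 60 s
```

The constructed burst of 70 SYNs within one second shows the two stated effects in order: the 61st SYN raises the trap and starts the block, and from then on every packet on that port (including a plain ACK at t=30 s) is dropped until one minute after the trigger, while ports 19 and 20 keep forwarding.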
Example
The following command activates the defense on ports 18 to 20:
set dos synflood port=18-20 state=enable
