Set dos pingofdeath, Syntax, Parameters – Allied Telesis AT-S63 User Manual
Chapter 17: Denial of Service (DoS) Defense Commands
SET DOS PINGOFDEATH
Syntax
set dos pingofdeath port=port state=enable|disable [mirrorport=port]
Parameters
port
  Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.

state
  Specifies the state of the Ping of Death defense. The options are:
  enable   Activates the defense.
  disable  Deactivates the defense. This is the default.

mirrorport
  Specifies a port where invalid traffic is copied. You can specify only one port.
Description
This command activates and deactivates the Ping of Death DoS defense.
In this DoS, an attacker sends an oversized, fragmented Ping packet to
the victim, which, if lacking a policy for handling oversized packets, may
freeze.
To defend against this form of attack, a switch port searches for the last
fragment of a fragmented Ping request and examines its offset to
determine if the packet size is greater than 63,488 bits. If it is, the fragment
is forwarded to the switch’s CPU for final packet size determination. If the
switch determines that the packet is oversized, the following occurs:
- The switch sends a trap to the management stations.
- The switch port discards the fragment and, for a one-minute period, discards all ingress Ping packets on the port.
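
The two-stage size check described above, written out in Python as an added example (not Allied Telesis code and not the switch's implementation). It covers only the size decision, not the trap or the one-minute discard. Assumptions: the function names, result labels and sample headers are constructed; the port-level threshold is the manual's figure as written; the final check uses the IPv4 maximum datagram size of 65,535 bytes; and the first fragment's header is taken to be the same length as the last one's.

```python
import struct

PREFILTER_BITS = 63_488   # port-level threshold, figure as stated in the manual
IPV4_MAX_BYTES = 65_535   # largest datagram the 16-bit Total Length field allows
ICMP = 1                  # IPv4 protocol number for ICMP

def classify_fragment(header: bytes) -> str:
    """Classify one IPv4 header along the lines of the two-stage check."""
    if len(header) < 20:
        return "ignore"
    ver_ihl, _tos, total_len, _id, flags_off, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or proto != ICMP:
        return "ignore"
    more_fragments = bool(flags_off & 0x2000)
    offset_bytes = (flags_off & 0x1FFF) * 8   # offset field counts 8-byte units
    if more_fragments or offset_bytes == 0:
        return "ignore"                       # not the last fragment of a datagram
    # Size the datagram would have once reassembled (assumption: the first
    # fragment carries a header of the same length as this one).
    reassembled = offset_bytes + total_len
    if reassembled * 8 <= PREFILTER_BITS:
        return "below-threshold"              # port forwards it normally
    # Above the threshold: the CPU makes the final size determination.
    return "oversized" if reassembled > IPV4_MAX_BYTES else "cpu-ok"

def make_header(offset_units: int, payload_len: int, more: bool = False,
                proto: int = ICMP) -> bytes:
    """Build a constructed 20-byte IPv4 header (no payload, checksum left 0)."""
    flags_off = (0x2000 if more else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_off, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

if __name__ == "__main__":
    # Constructed sample headers: (offset in 8-byte units, payload length)
    for units, plen in [(185, 520), (5000, 1000), (8189, 3), (8189, 100)]:
        print(units, plen, classify_fragment(make_header(units, plen)))
```

The last fragment only identifies itself as ICMP through the IP protocol field, so this check cannot tell an echo request from other ICMP types; that information is in the first fragment.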