Set dos – Allied Telesis AT-S63 User Manual

Page 442

background image

Chapter 34: Denial of Service (DoS) Defense Commands

442

SET DOS

Syntax

set dos ipaddress=

ipaddress

subnet=

mask

uplinkport=

port

Parameters

ipaddress

Specifies the IP address of one of the devices
connected to the switch, preferably the lowest IP
address.

subnet

Specifies the subnet mask of the LAN. A binary “1”

indicates the switch should filter on the
corresponding bit of the address, while a “0”
indicates that it should not.

uplinkport

Specifies the port on the switch that is connected to

a device (for example, a DSL router) that leads
outside the network. You can specify only one port.
This parameter is required only for the Land defense.

Description

This command is required for the SMURF and Land defenses. The SMURF
defense uses the LAN address and mask to determine the broadcast
address of your network. The Land defense uses this information to
determine which traffic is local and which is remote to your network.

As an example, assume that the devices connected to a switch are using
the IP address range 149.11.11.1 to 149.11.11.50. The IP address would
be 149.11.11.1 and the mask would be 0.0.0.63.

Examples

The following command sets the IP address to 149.11.11.1 and the mask
to 0.0.0.63:

set dos ipaddress=149.11.11.1 subnet=0.0.0.63

The following command sets the IP address to 149.22.22.1, the mask to
0.0.0.255, and the uplink port for the Land defense to port 24:

set dos ipaddress=149.22.22.1 subnet=0.0.0.255 uplinkport=24