Chapter 50 security feature configuration, 1 introduction to security feature, 2 security feature configuration – PLANET XGS3-24040 User Manual

Chapter 50 Security Feature Configuration

50-1

Chapter 50 Security Feature Configuration

50.1 Introduction to Security Feature

Before introducing the security features, we here first introduce the DoS. The DoS is short for Denial of

Service, which is a simple but effective destructive attack on the internet. The server under DoS attack will

drop normal user data packet due to non-stop processing the attacker’s data packet, leading to the denial of

the service and worse can lead to leak of sensitive data of the server.

Security feature refers to applications such as protocol check which is for protecting the server from attacks

such as DoS. The protocol check allows the user to drop matched packets based on specified conditions. The

security features provide several simple and effective protections against Dos attacks while acting no

influence on the linear forwarding performance of the switch.

50.2 Security Feature Configuration

50.2.1 Prevent IP Spoofing Function Configuration Task

Sequence

1．Enable the IP spoofing function.

Command

Explanation

Global Mode

[no] dosattack-check srcip-equal-dstip

enable

Enable/disable the function of checking if the

IP source address is the same as the

destination address.

50.2.2 Prevent TCP Unauthorized Label Attack Function

Configuration Task Sequence

1．Enable the anti TCP unauthorized label attack function

2．Enable Checking IPv4 fragment function

Command

Explanation

Global Mode

[no] dosattack-check tcp-flags enable

Enable/disable checking TCP label function