Denial of service – NETGEAR M4350-24F4V 24-Port 10G SFP+ Managed AV Network Switch User Manual
Page 681
Denial of service
You can select which types of denial of service (DoS) attacks the switch monitors and
blocks.
To configure individual DoS settings:
1. Launch a web browser.
2. In the address field of your web browser, enter the IP address of the switch.
If you do not know the IP address of the switch, see Log in to the main UI with a web
browser on page 27 and the subsections.
The login page displays.
3. Click the Main UI Login button.
The main UI login page displays in a new tab.
4. Enter admin as the user name, enter your local device password, and click the Login
button.
The first time that you log in, no password is required. However, you then must
specify a local device password to use each subsequent time that you log in.
The System Information page displays.
5. Select Security > Access > Denial of Service Configuration.
The Denial of Service Configuration page displays.
6. Select the types of DoS attacks for the switch to monitor and block and configure
any associated values:
•
Denial of Service Min TCP Header Size: Specify the minimum TCP header size
allowed. If you select the Denial of Service TCP Fragment radio button, the
switch drops the first TCP fragment with a TCP payload packet for which the
minimum TCP header size is larger than the IP payload length minus the IP header
size. The range for the minimum TCP header size is from 0 to 255. The default
value is 20.
•
Denial of Service ICMPv4: Enabling ICMPv4 DoS prevention causes the switch
to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater
than the configured ICMPv4 packet size. By default, this option is disabled.
•
Denial of Service Max ICMPv4 Packet Size: Specify the maximum ICMPv4
packet size allowed. If ICMPv4 DoS prevention is enabled, the switch drops
ICMPv4 ping packets with a size greater than the configured value. The range is
from 0 to 16376. The default value is 512.
•
Denial of Service ICMPv6: Enabling ICMPv6 DoS prevention causes the switch
to drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater
than the configured ICMPv6 packet size. By default, this option is disabled.
Main User Manual
681
Manage Switch Security
Fully Managed Switches M4350 Series Main User Manual