beautypg.com

NETGEAR AV Line M4250 GSM4210PX 8-Port Gigabit PoE+ Compliant Managed AV Switch with SFP (220W) User Manual

Page 545

background image

• Denial of Service ICMPv4: Enabling ICMPv4 DoS prevention causes the switch

to drop ICMPv4 packets with a type set to ECHO_REQ (ping) and a size greater
than the configured ICMPv4 packet size. By default, this option is disabled.

• Denial of Service Max ICMPv4 Packet Size: Specify the maximum ICMPv4 packet

size allowed. If ICMPv4 DoS prevention is enabled, the switch drops ICMPv4 ping
packets with a size greater than the configured value. The range is from 0 to 16376.
The default value is 512.

• Denial of Service ICMPv6: Enabling ICMPv6 DoS prevention causes the switch

to drop ICMPv6 packets with a type set to ECHO_REQ (ping) and a size greater
than the configured ICMPv6 packet size. By default, this option is disabled.

• Denial of Service Max ICMPv6 Packet Size: Specify the maximum ICMPv6 packet

size allowed. If ICMPv6 DoS prevention is enabled, the switch drops ICMPv6 ping
packets with a size greater than the configured value. The range is from 0 to 16376.
The default value is 512.

• Denial of Service First Fragment: Enabling first fragment DoS prevention causes

the switch to check the DoS options on the first fragment of a fragmented IP
packet. Otherwise, the switch ignores the first fragment of a fragmented IP packet.
By default, this option is disabled.

• Denial of Service ICMP Fragment: Enabling ICMP Fragment DoS prevention

causes the switch to drop ICMP fragmented packets. By default, this option is
disabled.

• Denial of Service SIP=DIP: Enabling SIP=DIP DoS prevention causes the switch

to drop packets with a source IP address equal to the destination IP address. By
default, this option is disabled.

• Denial of Service SMAC=DMAC: Enabling SMAC=DMAC DoS prevention causes

the switch to drop packets with a source MAC address equal to the destination
MAC address. By default, this option is disabled.

• Denial of Service TCP FIN&URG&PSH: Enabling TCP FIN & URG & PSH DoS

prevention causes the switch to drop packets with TCP flags FIN, URG, and PSH
set and the TCP sequence number equal to 0. By default, this option is disabled.

• Denial of Service TCP Flag&Sequence: Enabling TCP Flag DoS prevention

causes the switch to drop packets with TCP control flags set to 0 and the TCP
sequence number set to 0. By default, this option is disabled.

• Denial of Service TCP Fragment: Enabling TCP Fragment DoS prevention causes

the switch to drop packets with a TCP payload for which the IP payload length
minus the IP header size is less than the minimum allowed TCP header size. By
default, this option is disabled.

• Denial of Service TCP Offset: Enabling TCP Offset DoS prevention causes the

switch to drop packets with a TCP header offset set to 1. By default, this option is
disabled.

• Denial of Service TCP Port: Enabling TCP Port DoS prevention causes the switch

to drop packets for which the TCP source port is equal to the TCP destination
port. By default, this option is disabled.

Main User Manual

545

Manage Switch Security

AV Line of Fully Managed Switches M4250 Series Main User Manual

See also other documents in the category NETGEAR Video surveillance systems: