Filter
Top Products
Configuring IP IP Configuration
OmniSwitch 6600 Family Network Configuration Guide April 2006 page 14-15
• Trap generation. If the total penalty value exceeds the set port scan penalty value threshold, a trap is
generated to alert the administrator that a port scan may be in progress.
For example, imagine that a switch is set so that TCP and UDP packets destined for closed ports are given
a penalty of 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined
for open ports are given a penalty of 20. The decay is set to 2, and the switch port scan penalty value
threshold is set to 2000:
.
In one minute, 10 TCP closed port packets and 10 UDP closed port packets are received. This would bring
the total penalty value to 200, as shown with the following equation:
(10 TCP X 10 penalty) + (10 UDP X 10 penalty) = 200
This value would be divided by 2 (due to the decay) and decreased to 100. The switch would not record a
port scan:
DoS Settings
UDP/TCP closed = 10
UDP open = 20
TCP open = 5
Threshold = 2000
Decay = 3
Penalty Total = 0
OmniSwitch 6648
DoS Settings
UDP/TCP closed = 10
UDP open = 20
TCP open = 5
Threshold = 2000
Decay = 3
Minute 1 Penalty Total = 100
Do Not
Generate DoS
Attack Warning
Trap
10 TCP closed port packets
10 UDP closed port packets
OmniSwitch 6648