54 Switching Configuration
Denial of Service Attack Protection
This section describes the PowerConnect 6200 Series Denial of Service Protection feature.
Overview
Denial of Service:
•Spans two categories:
– Protection of the switch
– Protection of the network
• Protects against the exploitation of a number of vulnerabilities which would make the host or network
unstable
• Compliant with Nessus. Dell tested the switch software with Nessus version 2.0.10. Nessus is a widely-
used vulnerability assessment tool.
• PowerConnect 6200 Series software provides a number of features that help a network administrator
protect networks against DoS attacks.
There are 6 available types of attacks which can be monitored for and blocked. Each type of attack is
represented by a dos-control command keyword.
console(config)#dos-control ?
firstfrag Enables IPv4 first fragment checking.
icmp Enables ICMP size checking.
l4port Enables L4 port number checking.
sipdip Enables SIP=DIP checking.
tcpflag Enables TCP flag checking.
tcpfrag Enables TCP fragment checking.