Dell FCX624-E Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1339
53-1002266-01
Chapter
38
Protecting Against Denial of Service Attacks
Table 232 lists individual Dell PowerConnect switches and the DoS protection features they
support.
This chapter explains how to protect your Dell PowerConnect devices from Denial of Service (DoS)
attacks.
In a Denial of Service (DoS) attack, a router is flooded with useless packets, hindering normal
operation. Dell PowerConnect devices include measures for defending against two types of DoS
attacks Smurf attacks and TCP SYN attacks.
Protecting against Smurf attacks
A Smurf attack is a kind of DoS attack in which an attacker causes a victim to be flooded with
Internet Control Message Protocol (ICMP) echo (Ping) replies sent from another network.
Figure 174 illustrates how a Smurf attack works.
FIGURE 174 How a Smurf attack floods a victim with ICMP replies
The attacker sends an ICMP echo request packet to the broadcast address of an intermediary
network. The ICMP echo request packet contains the spoofed address of a victim network as its
source. When the ICMP echo request reaches the intermediary network, it is converted to a Layer 2
broadcast and sent to the hosts on the intermediary network. The hosts on the intermediary
network then send ICMP replies to the victim network.
TABLE 232 Supported DoS protection features
Feature PowerConnect B-Series FCX
Smurf attack (ICMP attack) protection Yes
TCP SYN attack protection Yes
2
1
3
Attacker
Intermediary
Victim
Attacker sends ICMP echo requests to
broadcast address on Intermediary’s
network, spoofing Victim’s IP address
as the source
If Intermediary has directed broadcast
forwarding enabled, ICPM echo requests
are broadcast to hosts on Intermediary’s
network
The hosts on Intermediary’s network
send replies to Victim, inundating Victim
with ICPM packets