Configuring System Information
Denial of Service
Denial of Service refers to the exploitation of a variety of vulnerabilities which would interrupt the
service of a host or make a network unstable. Use the Denial of Service page to configure settings to help
prevent denial of service attacks.
To display the Denial of Service page, click System → Management Security → Denial of Service in the tree view.
Figure 6-64. Denial of Service
The Denial of Service page contains the following fields:
• Denial of Service SIP=DIP — Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address.
• Denial of Service First Fragment — Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured minimum TCP header size (Min TCP Hdr Size).
• Denial of Service Min TCP Hdr Size — Specify the minimum TCP header size allowed. If First Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller than this configured value.
• Denial of Service TCP Fragment — Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to one.
• Denial of Service TCP Flag — Enabling TCP Flag DoS prevention causes the switch to drop packets that meet any of the following conditions:
  – TCP flag SYN set and TCP source port less than 1024
  – TCP control flags set to 0 and TCP sequence number set to 0
  – TCP flags FIN, URG, and PSH set and TCP sequence number set to 0
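The drop conditions listed above can be expressed as a packet classifier, which is useful for checking a capture against them before enabling the options. This is an added example, not the switch's own logic or code from this guide: it applies every check at once to a raw IPv4 packet and returns the names of the checks that would drop it. Assumptions: the function and helper names are hypothetical, the default minimum of 20 bytes is a constructed value, "TCP header size" is measured as the TCP bytes actually present in an offset-0 packet, and "FIN, URG, and PSH set" is read as at least those three flags.

```python
import socket
import struct

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20
XMAS = FIN | URG | PSH

def dos_drop_reasons(pkt, min_tcp_hdr=20):
    """Name the checks (all enabled) that would drop this raw IPv4 packet."""
    reasons = []
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return reasons                      # not IPv4: outside these checks
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    frag_off = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF  # 8-byte units
    if pkt[12:16] == pkt[16:20]:
        reasons.append("SIP=DIP")
    if pkt[9] != 6:                         # remaining checks are TCP-only
        return reasons
    if frag_off == 1:
        reasons.append("TCP Fragment")
    if frag_off != 0:
        return reasons                      # not the first fragment: stop here
    tcp = pkt[ihl:total_len]
    if len(tcp) < min_tcp_hdr:              # assumed: size = TCP bytes present
        reasons.append("First Fragment")
    if len(tcp) >= 14:                      # enough bytes to read seq and flags
        sport = struct.unpack_from("!H", tcp, 0)[0]
        seq = struct.unpack_from("!I", tcp, 4)[0]
        flags = tcp[13] & 0x3F
        if ((flags & SYN and sport < 1024)
                or (flags == 0 and seq == 0)
                or (flags & XMAS == XMAS and seq == 0)):
            reasons.append("TCP Flag")
    return reasons

def build(src, dst, sport=40000, seq=1, flags=0x10, frag_off=0, tcp_len=20):
    """Constructed test packet: 20-byte IPv4 header plus (truncated) TCP header."""
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 0, 5 << 4, flags,
                      1024, 0, 0)[:tcp_len]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, frag_off, 64,
                     6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

if __name__ == "__main__":
    A, B = "192.0.2.1", "192.0.2.2"         # documentation addresses
    print(dos_drop_reasons(build(A, A)))
    print(dos_drop_reasons(build(A, B, tcp_len=8)))
    print(dos_drop_reasons(build(A, B, sport=80, flags=SYN)))
```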