NETGEAR GS700TR Switch User Manual


 
GS700TR Smart Switch Software Administration Manual
2-16 Configuring System Information
v1.0, May, 2008
2. If you change any of the DoS settings, click Apply to apply the changes to the switch. To preserve the changes across a switch reboot, you must perform a save by clicking Maintenance > Save Configuration. For more information, see “Save All Applied Changes” on page 8-1.

Table 2-7. Denial of Service Configuration Fields

| Field | Description |
|---|---|
| Denial of Service SIP=DIP | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled. |
| Denial of Service First Fragment | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller than the configured Min TCP Hdr Size. The factory default is disabled. |
| Denial of Service Min TCP Hdr Size | Specify the Min TCP Hdr Size allowed. If First Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller than this configured Min TCP Hdr Size. The factory default is disabled. |
| Denial of Service TCP Fragment | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to 1. The factory default is disabled. |
| Denial of Service TCP Flag | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling TCP Flag DoS prevention causes the switch to drop packets that match any of the following: TCP flag SYN set and TCP source port less than 1024; TCP control flags set to 0 and TCP sequence number set to 0; TCP flags FIN, URG, and PSH set and TCP sequence number set to 0; or both TCP flags SYN and FIN set. The factory default is disabled. |
| Denial of Service L4 Port | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/UDP source port equal to TCP/UDP destination port. The factory default is disabled. |
| Denial of Service ICMP | Enable or disable this option by selecting the corresponding line on the pulldown entry field. Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. The factory default is disabled. |
| Denial of Service Max ICMP Size | Specify the Max ICMP Pkt Size allowed. If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater than this configured Max ICMP Pkt Size. The factory default is disabled. |
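
The checks in Table 2-7 can be evaluated offline against captured or constructed packets before they are enabled, to see which legitimate flows the switch would drop. The following Python code is an added example, not NETGEAR code: the function names, the thresholds (20-byte Min TCP Hdr Size, 512-byte Max ICMP Size) and the sample packets are assumptions, as are the readings of ICMP "size" as IP total length minus the IP header and of the TCP Fragment check as applying to TCP packets only.

```python
import struct
from ipaddress import IPv4Address

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20

def dos_matches(pkt, min_tcp_hdr=20, max_icmp=512):
    """Table 2-7 checks a raw IPv4 packet matches (thresholds are sample values)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", pkt[2:8])
    proto, offset, l4 = pkt[9], frag & 0x1FFF, pkt[ihl:]
    hits = []
    if pkt[12:16] == pkt[16:20]:
        hits.append("SIP=DIP")
    if proto == 6 and offset == 1:  # assumption: check applies to TCP only
        hits.append("TCP Fragment")
    if offset != 0:
        return hits  # later fragments carry no L4 header to inspect
    if proto in (6, 17) and len(l4) >= 4 and l4[0:2] == l4[2:4]:
        hits.append("L4 Port")
    if proto == 6 and len(l4) >= 14:
        sport, seq = struct.unpack("!H2xI", l4[:8])
        flags = l4[13] & 0x3F
        if (l4[12] >> 4) * 4 < min_tcp_hdr:
            hits.append("First Fragment")
        if ((flags & SYN and sport < 1024)
                or (flags == 0 and seq == 0)
                or (flags & (FIN | URG | PSH) == (FIN | URG | PSH) and seq == 0)
                or flags & (SYN | FIN) == (SYN | FIN)):
            hits.append("TCP Flag")
    # assumption: "size" is the ICMP message length (IP total length - IP header)
    if proto == 1 and l4 and l4[0] == 8 and total_len - ihl > max_icmp:
        hits.append("ICMP")
    return hits

# Builders for constructed test packets (checksums left at 0).
def ipv4(src, dst, proto, l4, frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, frag, 64, proto,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed) + l4

def tcp(sport, dport, seq, flags):
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0)

# Constructed samples using RFC 5737 documentation addresses.
A, B = "192.0.2.10", "192.0.2.20"
SAMPLES = {
    "https SYN": ipv4(A, B, 6, tcp(50000, 443, 7, SYN)),
    "SYN from port 1000": ipv4(A, B, 6, tcp(1000, 514, 7, SYN)),
    "NTP 123->123": ipv4(A, B, 17, struct.pack("!HHHH", 123, 123, 56, 0) + bytes(48)),
    "1000-byte ping": ipv4(A, B, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1) + bytes(1000)),
}
```

Calling `dos_matches()` on each entry of `SAMPLES` shows that the ordinary HTTPS SYN passes, while the NTP exchange on port 123 and the SYN from source port 1000 each match a check, so flows like these are worth looking for in a capture before L4 Port or TCP Flag prevention is enabled.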