TP-Link TL-SL3428 Switch User Manual


 
DoS Attack Type Description
Scan SYNFIN The attacker sends the packet with its SYN field and the FIN field set to 1.
The SYN field is used to request initial connection whereas the FIN field is
used to request disconnection. Therefore, the packet of this type is illegal.
The switch can defend this type of illegal packet.
Xmascan The attacker sends the illegal packet with its TCP index, FIN, URG and
PSH field set to 1.
NULL Scan Attack The attacker sends the illegal packet with its TCP index and all the control
fields set to 0. During the TCP connection and data transmission, the
packets with all the control fields set to 0 are considered as the illegal
packets.
SYN packet with its source port
less than 1024
The attacker sends the illegal packet with its TCP SYN field set to 1 and
source port less than 1024.
Ping Flooding The attacker floods the destination system with Ping broadcast storm
packets to forbid the system to respond to the legal communication.
SYN/SYN-ACK Flooding The attacker uses a fake IP address to send TCP request packets to the
Server. Upon receiving the request packets, the Server responds with
SYN-ACK packets. Since the IP address is fake, no response will be
returned. The Server will keep on sending SYN-ACK packets. If the attacker
sends overflowing fake request packets, the network resource will be
occupied maliciously and the requests of the legal clients will be denied.
Table 11-1 Defendable DoS Attack Types
On this page, you can enable the DoS Defend type appropriate to your need.
Choose the menu Network SecurityDoS DefendDoS Defend to load the following page.
Figure 11-16 DoS Defend
The following entries are displayed on this screen:
159