Set dos synflood – Allied Telesis AT-S63 User Manual


AT-S63 Management Software Command Line User’s Guide

Section II: Advanced Operations

SET DOS SYNFLOOD

Syntax

set dos synflood port=port state=enable|disable

Parameters

port
    Specifies the switch ports on which you want to enable or disable this
    DoS defense. You can select more than one port at a time.

state
    Specifies the state of the DoS defense. The options are:

    enable
        Activates the defense.

    disable
        Deactivates the defense. This is the default.

Description

This command activates and deactivates the SYN ACK Flood DoS
defense.

In this type of attack, an attacker, seeking to overwhelm a victim with TCP
connection requests, sends a large number of TCP SYN packets with bogus
(spoofed) source addresses to the victim. The victim responds with SYN ACK
packets, but because the source addresses are bogus, the final ACK of the
handshake never arrives and each half-open connection lingers in the
victim's connection queue until it times out. If the attacker sends enough
requests in a short enough period, the queue fills and the victim can no
longer accept connections from legitimate clients.

To defend against this form of attack, a switch port monitors the number of
ingress TCP SYN packets it receives. If a port receives more than 60 TCP SYN
packets per second, the following occurs:

- The switch sends a trap to the management stations.

- The switch blocks all traffic on the port for one minute.

Note that the block applies to all traffic on the port, not only to TCP SYN
packets: legitimate hosts behind that port lose connectivity for the full
minute, and any host able to push more than 60 SYN packets per second
through the port can trigger that outage at will.

This defense mechanism does not involve the switch's CPU. You can activate
it on as many ports as you want without impacting switch performance.

Example

The following command activates the defense on ports 18 to 20:

set dos synflood port=18-20 state=enable
