Set dos pingofdeath – Allied Telesis AT-S63 User Manual

Page 358


Chapter 21: Denial of Service Defense Commands


Section II: Advanced Operations

SET DOS PINGOFDEATH

Syntax

set dos pingofdeath port=port state=enable|disable [mirroring=yes|no|on|off|true|false|enabled|disabled]

Parameters

port

Specifies the switch ports on which to enable or disable the Ping of Death defense. You can specify more than one port at a time.

state

Specifies the state of the Ping of Death defense. The options are:

enable: Activates the defense.

disable: Deactivates the defense. This is the default.

mirroring

Specifies whether the examined traffic is copied to a mirror port. Options are:

yes, on, true, enabled: Traffic is mirrored. These values are equivalent.

no, off, false, disabled: Traffic is not mirrored. This is the default. These values are equivalent.

Description

This command activates and deactivates the Ping of Death DoS defense.

In this DoS attack, an attacker sends an oversized, fragmented Ping packet to
the victim, which may freeze if it lacks a policy for handling oversized
packets.

To defend against this form of attack, a switch port searches for the last
fragment of a fragmented Ping request and examines its offset to
determine if the packet size is greater than 63,488 bits. If it is, the fragment
is forwarded to the switch’s CPU for final packet size determination. If the
switch determines that the packet is oversized, the following occurs:

- The switch sends a trap to the management stations.

- The switch blocks all traffic on the port for one minute.
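The two-stage check described above, modeled as an added Python example (not code from the Allied Telesis manual or the switch firmware). The function names are hypothetical, "oversized" is assumed to mean a reassembled size beyond the 65,535-byte IPv4 maximum, and the sample packets are constructed.

```python
import struct

PRESCREEN_BITS = 63_488   # port-level threshold, figure as stated in this manual page
IPV4_MAX_BYTES = 65_535   # assumption: "oversized" = beyond the IPv4 maximum datagram size
BLOCK_SECONDS = 60        # manual: the port is blocked for one minute

def build_fragment(offset_bytes, payload_len, more_fragments, proto=1):
    """Constructed sample IPv4 fragment (documentation addresses, checksum left 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + b"\x00" * payload_len

def classify(packet):
    """Return 'ignore', 'forward', 'to_cpu_ok' or 'oversized' for one IPv4 packet."""
    if len(packet) < 20:
        return "ignore"
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    # Only the first fragment carries the ICMP header, so a last fragment
    # can be matched on the IP protocol field (1 = ICMP) alone.
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        return "ignore"
    more_fragments = bool(flags_frag & 0x2000)
    offset_bytes = (flags_frag & 0x1FFF) * 8      # offset field counts 8-byte units
    if more_fragments or offset_bytes == 0:
        return "forward"                          # not the last fragment of a series
    end_bytes = offset_bytes + (total_len - ihl)  # where the reassembled payload ends
    if end_bytes * 8 <= PRESCREEN_BITS:
        return "forward"                          # stage 1 (port): below the threshold
    # Stage 2 (CPU): final size determination; header size taken from this fragment.
    return "oversized" if ihl + end_bytes > IPV4_MAX_BYTES else "to_cpu_ok"

def inspect(port, packet, now, blocked_until, traps):
    """Apply the defense on one port; True means the packet is forwarded."""
    if now < blocked_until.get(port, 0):
        return False                              # port still inside its block window
    if classify(packet) == "oversized":
        traps.append((now, port, "pingofdeath"))  # stands in for the trap to management
        blocked_until[port] = now + BLOCK_SECONDS
        return False
    return True
```
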
