Chapter 43 security feature configuration, 1 introduction to security feature, 2 security feature configuration – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

348

Chapter 43 Security Feature Configuration

43.1 Introduction to Security Feature

Before introducing the security features, we here first introduce the DoS. The DoS is short for

Denial of Service, which is a simple but effective destructive attack on the internet. The server

under DoS attack will drop normal user data packet due to non-

stop processing the attacker’s

data packet, leading to the denial of the service and worse can lead to leak of sensitive data of

the server.

Security feature refers to applications such as protocol check which is for protecting the server

from attacks such as DoS. The protocol check allows the user to drop matched packets based

on specified conditions. The security features provide several simple and effective protections

against Dos attacks while acting no influence on the linear forwarding performance of the

switch.

43.2 Security Feature Configuration

43.2.1 Prevent IP Spoofing Function Configuration Task Sequence

Command

Explanation

Global Mode

[no] dosattack-check srcip-equal-dstip

enable

Enable/disable the function of checking if the IP

source address is the same as the destination

address.

43.2.2 Prevent ICMP Fragment Attack Function Configuration Task
Sequence

1. Enable the prevent ICMP fragment attack function

2. Configure the max permitted ICMPv4 net load length

Command

Explanation

Global Mode

[no] dosattack-check icmp-attacking

enable

Enable/disable the prevent ICMP fragment

attack function.

dosattack-check icmpv4-size <size>

Configure the max permitted ICMPv4 net load

length. This command has not effect when used

separately, the user have to enable the

dosattack-check icmp-attacking enable.