D-Link DXS-3600-16S Manual page 239


DXS-3600 Series 10GbE Layer 2/3 Switch CLI Reference Guide

Example
This example shows how to enable defense for all attack types.
DXS-3600-32S#configure terminal
DXS-3600-32S(config)#defense enable
Success
DXS-3600-32S(config)#

Example
This example shows how to enable defense against the land attack.
DXS-3600-32S#configure terminal
DXS-3600-32S(config)#defense land enable
Success
DXS-3600-32S(config)#

Xmas Scan
Hackers use the TCP Xmas scan to identify listening TCP ports. This scan uses a series of strangely configured TCP packets that have the Urgent (URG), Push (PSH), and FIN flags set. Again, this type of scan can get through some firewalls and boundary routers that filter on incoming TCP packets with standard flag settings. If the target device's TCP port is closed, the target device sends a TCP RST packet in reply. If the target device's TCP port is open, the target discards the TCP Xmas scan packet and sends no reply.
Detect method - Check whether a received TCP packet has the URG, PSH and FIN flags set.

SYNFIN
To use this type of scan, an attacker first sends a Transmission Control Protocol (TCP) packet that has the Finish (FIN) and Synchronize (SYN) flags set. An open port will respond with a TCP packet that has the SYN and Acknowledge (ACK) flags set, but a closed port will return a packet with the ACK and Reset (RST) flags set.
Detect method - Check whether a received TCP packet has the FIN and SYN flags set.

SYN with source port < 1024
A SYN packet with a source port less than 1024: the Internet default services use Layer 4 ports between 1 and 1023. If the source port of a TCP packet with the SYN flag set is less than 1024, the packet should be regarded as abnormal.
Detect method - Check whether a received TCP SYN packet has a source port less than 1024.

Ping of Death
A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A ping is normally 64 bytes in size; many computers cannot handle a ping larger than the maximum IP packet size, which is 65,535 bytes. Sending a ping of this size can crash the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65536 byte ping packet is illegal according to the networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.
Detect method - Check whether received packets are fragmented ICMP packets.

TCP Tiny Fragment attack
This attack uses IP fragmentation to create extremely small fragments and forces the TCP header information into a separate packet fragment, so that it passes through the checking function of the router and the attack is carried out.
Detect method - Check whether the received packets are TCP tiny fragment packets.
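The detect methods listed for the Xmas scan, SYNFIN, SYN with source port < 1024, Ping of Death and TCP Tiny Fragment entries can be read as a small set of header rules. The following Python script is an added example written for this page; it is not D-Link code and does not reflect how the switch firmware implements the "defense" feature. It parses constructed IPv4/TCP/ICMP packet bytes (built in the script itself, not captured traffic) and reports which rule from the page each packet matches. The helper names (parse_ipv4, classify, build, tcp_header, scan), the 20-byte TCP_MIN_HEADER threshold used for "tiny fragment", and the extra ACK-clear condition on the low-source-port rule are my own assumptions, not values from the guide.

```python
"""Added example: apply the detection rules from this manual page to raw IPv4 packets.
Not D-Link code. Sample packets are constructed below for illustration only."""
import struct
from dataclasses import dataclass
from typing import Optional

# TCP flag bits (RFC 793) and IPv4 protocol numbers
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
PROTO_ICMP, PROTO_TCP = 1, 6
IP_FLAG_MF = 0x2000        # "more fragments" bit in the IPv4 flags/fragment-offset field
TCP_MIN_HEADER = 20        # assumption: a first fragment shorter than this cannot carry the TCP flags


@dataclass
class Packet:
    proto: int
    more_fragments: bool
    frag_offset: int       # in 8-byte units, as carried on the wire
    payload: bytes         # everything after the IPv4 header


def parse_ipv4(raw: bytes) -> Packet:
    """Decode the fixed 20-byte IPv4 header (RFC 791 layout); options are skipped via IHL."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, _tlen, _ident, flags_off, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    return Packet(proto=proto, more_fragments=bool(flags_off & IP_FLAG_MF),
                  frag_offset=flags_off & 0x1FFF, payload=raw[ihl:])


def classify(pkt: Packet) -> Optional[str]:
    """Return the name of the first rule from the page that the packet matches, else None."""
    fragmented = pkt.more_fragments or pkt.frag_offset != 0
    if pkt.proto == PROTO_ICMP and fragmented:
        return "Ping of Death"                  # page rule: fragmented ICMP packet
    if pkt.proto != PROTO_TCP:
        return None
    if pkt.frag_offset != 0:
        return None                             # non-first fragment: no TCP header to inspect
    if len(pkt.payload) < TCP_MIN_HEADER:
        # first fragment too small to hold the TCP header -> tiny fragment (RFC 1858 style);
        # an unfragmented packet this short is simply malformed and outside the page's rules
        return "TCP Tiny Fragment" if pkt.more_fragments else None
    sport, _dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", pkt.payload[:14])
    flags = off_flags & 0x1FF
    if flags & (TCP_URG | TCP_PSH | TCP_FIN) == (TCP_URG | TCP_PSH | TCP_FIN):
        return "Xmas Scan"                      # page rule: URG, PSH and FIN set
    if flags & (TCP_SYN | TCP_FIN) == (TCP_SYN | TCP_FIN):
        return "SYNFIN"                         # page rule: SYN and FIN set
    # Page rule: SYN with source port < 1024. Assumption added here: require ACK clear,
    # because a server's SYN/ACK reply legitimately carries SYN from a well-known port.
    if flags & TCP_SYN and not flags & TCP_ACK and sport < 1024:
        return "SYN with source port < 1024"
    return None


def build(proto: int, payload: bytes, more_fragments: bool = False, frag_offset: int = 0) -> bytes:
    """Constructed IPv4 header (checksum left zero; nothing here is ever transmitted)."""
    flags_off = (IP_FLAG_MF if more_fragments else 0) | frag_offset
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_off, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def tcp_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header with no options (data offset = 5 words)."""
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 8192, 0, 0)


# Constructed sample packets, one per rule plus two that must not match
SAMPLES = {
    "xmas":    build(PROTO_TCP, tcp_header(40000, 80, TCP_URG | TCP_PSH | TCP_FIN)),
    "synfin":  build(PROTO_TCP, tcp_header(40000, 80, TCP_SYN | TCP_FIN)),
    "lowport": build(PROTO_TCP, tcp_header(53, 80, TCP_SYN)),
    "normal":  build(PROTO_TCP, tcp_header(40000, 80, TCP_SYN)),
    "pod":     build(PROTO_ICMP, b"\x08\x00" + b"\x00" * 6 + b"A" * 32, more_fragments=True),
    "tiny":    build(PROTO_TCP, tcp_header(40000, 80, TCP_SYN)[:8], more_fragments=True),
    "frag2":   build(PROTO_TCP, b"B" * 64, frag_offset=3),   # non-first fragment, nothing to check
}


def scan(samples=SAMPLES) -> dict:
    """Classify every sample; returns {name: rule-or-None}."""
    return {name: classify(parse_ipv4(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:8s} -> {verdict}")
```

Two caveats worth keeping in mind when reading the switch's counters against these rules: the Ping of Death rule fires on any fragmented ICMP packet, so a large but legitimate ping (anything over the path MTU) is also flagged, and the low-source-port rule as worded on the page would also match a server's SYN/ACK replies unless, as in this script, the ACK bit is required to be clear.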
231