TP-Link TL-SL3428 User Manual page 164

FqU"Cvvcem"V{rg"
Scan SYNFIN
Xmascan
NULL Scan Attack
SYN packet with its source port
less than 1024
Ping Flooding
SYN/SYN-ACK Flooding
On this page, you can enable the DoS Defend type appropriate to your need.
Choose the menu Pgvyqtm"Ugewtkv{→FqU"Fghgpf→FqU"Fghgpf to load the following page.
The attacker sends the packet with its SYN field and the FIN field set to 1.
The SYN field is used to request initial connection whereas the FIN field is
used to request disconnection. Therefore, the packet of this type is illegal.
The switch can defend this type of illegal packet.
The attacker sends the illegal packet with its TCP index, FIN, URG and
PSH field set to 1.
The attacker sends the illegal packet with its TCP index and all the control
fields set to 0. During the TCP connection and data transmission, the
packets with all the control fields set to 0 are considered as the illegal
packets.
The attacker sends the illegal packet with its TCP SYN field set to 1 and
source port less than 1024.
The attacker floods the destination system with Ping broadcast storm
packets to forbid the system to respond to the legal communication.
The attacker uses a fake IP address to send TCP request packets to the
Server. Upon receiving the request packets, the Server responds with
SYN-ACK packets. Since the IP address is fake, no response will be
returned. The Server will keep on sending SYN-ACK packets. If the attacker
sends overflowing fake request packets, the network resource will be
occupied maliciously and the requests of the legal clients will be denied.
Table 11-1 Defendable DoS Attack Types
Figure 11-16 DoS Defend
156
Fguetkrvkqp"