Table of Contents
Advertisement
| Security Measures
C
13
HAPTER
IPv4 Source Guard
IP
4 S
G
V
OURCE
UARD
port is closed, the target replies with a TCP RST (reset) packet. If the
target TCP port is open, it simply discards the TCP NULL scan.
(Default: Enabled)
TCP SYN/FIN Scan – A TCP SYN/FIN scan message is used to identify
◆
listening TCP ports. The scan uses a series of strangely configured TCP
packets which contain SYN (synchronize) and FIN (finish) flags. If the
target's TCP port is closed, the target replies with a TCP RST (reset)
packet. If the target TCP port is open, it simply discards the TCP SYN
FIN scan. (Default: Enabled)
TCP Xmas Scan – A so-called TCP XMAS scan message is used to
◆
identify listening TCP ports. This scan uses a series of strangely
configured TCP packets which contain a sequence number of 0 and the
URG, PSH and FIN flags. If the target's TCP port is closed, the target
replies with a TCP RST packet. If the target TCP port is open, it simply
discards the TCP XMAS scan. (Default: Enabled)
W
I
EB
NTERFACE
To protect against DoS attacks:
Click Security, DoS Protection.
1.
Enable protection for LAND attacks or TCP scan attacks.
2.
Click Apply
3.
Figure 224: Protecting Against DoS Attacks
IPv4 Source Guard is a security feature that filters IP traffic on network
interfaces based on manually configured entries in the IP Source Guard
table, or dynamic entries in the DHCP Snooping table when enabled (see
"DHCP Snooping" on page
traffic attacks caused when a host tries to use the IP address of a neighbor
to access the network. This section describes how to configure IP Source
Guard.
– 432 –
444). IP source guard can be used to prevent
Advertisement
Chapters
Table of Contents
