Table of Contents
Advertisement
DoS Attack
Description
IPProt
An IPv4 packet with an unassigned
or reserved IP protocol.
IPOptLen
An IPv4 packet with an invalid IP
options length.
FragMoreDont An IPv4 packet with the "more"
fragments and "don't" fragment bits
set.
FragData
An IPv4 packet with the "more"
fragments bit set but a small
payload.
FragBoundary An IPv4 packet with the "more"
fragments bit set but a payload not
at an 8-byte boundary.
FragLast
An IPv4 packet that is the last
fragment but no payload.
FragDontOff
An IPv4 packet with a non-zero
fragment offset and the "don't"
fragment bits set.
FragOpt
An IPv4 packet with a non-zero
fragment offset and IP options bits
set.
FragOff
An IPv4 packet with a small non-
zero fragment offset.
FragOverSize
An IPv4 packet with a non-zero
fragment offset and an oversized
payload.
TCPLen
A TCP packet with a TCP header
length less than 20 bytes and an IP
data length less than the TCP header
length.
TCPPortZero
A TCP packet with a source or
destination port of zero.
TCPReserved
A TCP packet with the TCP reserved
bit set.
NULLscan
A TCP packet with a sequence
number of zero or all of the control
bits are set to zero.
Document ID: RDWR-ALOS-V2900_AG1302
Alteon Application Switch Operating System Application Guide
Table 50: DoS Attacks Detected by Alteon
Advanced Denial of Service Protection
Action
Alteon checks for IPv4 packets with an
unassigned or reserved IP protocol, and
drops any matching packets.
Alteon checks for IPv4 packets with an
invalid IP options length set, and drops any
matching packets.
Alteon checks for IPv4 packets with both the
"more" fragments and "don't" fragments bits
set, and drops any matching packets.
Alteon checks for IPv4 packets with the
"more" fragments bit set but exhibiting a
small payload, and drops any matching
packets.
Alteon checks for IPv4 packets with the more
fragments bit set but whose payload is not at
an 8-byte boundary, and drops any matching
packets.
Alteon checks for IPv4 packets with the last
fragment bit set but no payload, and drops
any matching packets.
Alteon checks for IPv4 packets with a non-
zero fragment offset and the "don't"
fragment bits set, and drops any matching
packets.
Alteon checks for IPv4 packets with a non-
zero fragment offset and the IP options bits
set, and drops any matching packets.
Alteon checks for IPv4 packets with a small
non-zero fragment offset, and drops any
matching packets.
Alteon checks for IPv4 packets with a non-
zero fragment offset and an oversized
payload, and drops any matching packets.
Alteon checks for TCP packets with a TCP
header length less than 20 bytes and an IP
data length less than the TCP header length,
and drops any matching packets.
Alteon checks for TCP packets with a source
or destination port of zero, and drops any
matching packets.
Alteon checks for TCP packets with the TCP
reserved bit set, and drops any matching
packets.
Alteon checks for TCP packets with a
sequence number or zero or with all control
bits set to zero, and drops any matching
packets.
607
- Quick Links:
- Part 1-Basic Features
Hide quick links:
Advertisement
Table of Contents
