Avaya G430 Manual page 58

Accessing the Branch Gateway
FRAGGLE_ATTACK
SYN-FLOOD
UNREACHABLE_PORT_ ATTACK
MALFRAGMENTED_IP
MALFORMED_IP
MALFORMED_ARP
SPOOFED_IP
UNKNOW_L4_IP_PROTOCOL
UNATHENTICATED_ACCESS
Custom DoS classifications
You can define custom DoS attack classifications using access control list (ACL) rules. ACL
rules control which packets are authorized to pass through an interface. A custom DoS class
is defined by configuring criteria for an ACL rule and tagging the ACL with a DoS classification
label.
Note:
For general information about configuring policy rules, refer to
Related topics:
Examples for defining a DoS class using ACLs
58 Administering Avaya G430 Branch Gateway
DoS Attack
Comments? infodev@avaya.com
Description
UDP packets with limited broadcast destination
address
The number of unacknowledged TCP SYN-
ACK exceeds a predefined rate
TCP/UDP IP packets sent to unreachable ports
Malfragmented IP packets on TO-ME
interfaces
Malformed IP packets.
The Branch Gateway reports malformed IP
packets when:
• The IP version in the IP header is a value
other than 4
• The IP header length is smaller than 20
• The total length is smaller than the header
length
ARP messages with bad opcode
For all routable packets, the Branch Gateway
report reception of IP spoofed packets
Packets with unknown (unsupported or
administratively closed) protocol in IP packet
with TO-ME interface as a destination
Failure to authenticate services
on page 59
Policy lists on page 557.
October 2013