Denial of Service Attack Protection
This section describes the PowerConnect 6200 Series Denial of Service Protection feature.
Overview
Denial of Service:
•
Spans two categories:
–
Protection of the switch
–
Protection of the network
•
Protects against the exploitation of a number of vulnerabilities which would make the host or network
unstable
•
Compliant with Nessus. Dell tested the switch software with Nessus version 2.0.10. Nessus is a widely-
used vulnerability assessment tool.
•
PowerConnect 6200 Series software provides a number of features that help a network administrator
protect networks against DoS attacks.
There are 6 available types of attacks which can be monitored for and blocked. Each type of attack is
represented by a dos-control command keyword.
console(config)#dos-control ?
firstfrag
icmp
l4port
sipdip
tcpflag
tcpfrag
54
Switching Configuration
Enables IPv4 first fragment checking.
Enables ICMP size checking.
Enables L4 port number checking.
Enables SIP=DIP checking.
Enables TCP flag checking.
Enables TCP fragment checking.