Table of Contents
Advertisement
.
In one minute, 10 TCP closed port packets and 10 UDP closed port packets are received. This would bring
the total penalty value to 200, as shown using the following equation:
(10 TCP X 10 penalty) + (10 UDP X 10 penalty) = 200
This value would be divided by 2 (due to the decay) and decreased to 100. The switch would not record a
port scan:
10 TCP closed port packets
10 UDP closed port packets
In the next minute, 10 more TCP and UDP closed port packets are received, along with 200 UDP open-
port packets. This would bring the total penalty value to 4300, as shown using the following equation:
(100 previous minute value) + (10 TCP X 10 penalty) + (10 UDP X 10 penalty) +
(200 UDP X 20 penalty) = 4300
This value would be divided by 2 (due to decay) and decreased to 2150. The switch would record a port
scan and generate a trap to warn the administrator:
OmniSwitch AOS Release 7 Network Configuration Guide
DoS Settings
UDP/TCP closed = 10
UDP open = 20
TCP open = 5
Threshold = 2000
Decay = 2
Penalty Total = 0
DoS Settings
UDP/TCP closed = 10
UDP open = 20
TCP open = 5
Threshold = 2000
Decay = 2
Minute 1 Penalty Total = 100
March 2011
Do Not
Generate DoS
Attack Warning
Trap
page 1125
Advertisement
Table of Contents
