Alcatel OmniSwitch 6624 Network Configuration Manual page 239

Configuring IP
Trap generation. If the total penalty value exceeds the set port scan penalty value threshold, a trap is
generated to alert the administrator that a port scan may be in progress.
For example, imagine that a switch is set so that TCP and UDP packets destined for closed ports are given
a penalty of 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined
for open ports are given a penalty of 20. The decay is set to 2, and the switch port scan penalty value
threshold is set to 2000.
In one minute, 10 TCP closed port packets and 10 UDP closed port packets are received. This would bring
the total penalty value to 200, as shown with the following equation:
(10 TCP X 10 penalty) + (10 UDP X 10 penalty) = 200
This value would be divided by 2 (due to the decay) and decreased to 100. The switch would not record a
port scan:
[Figure: OmniSwitch 6648 shown before and after the first minute. Both panels list DoS Settings: UDP/TCP closed = 10, UDP open = 20, TCP open = 5, Threshold = 2000, Decay = 25. Initial state: Penalty Total = 0. After 10 TCP closed port packets and 10 UDP closed port packets: Minute 1 Penalty Total = 100, Do Not Generate DoS Attack Warning Trap.]

OmniSwitch 6624/6648 Network Configuration Guide, April 2004, IP Configuration, page 12-11
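
The penalty calculation described above can be modeled in a few lines to see how a chosen penalty, decay and threshold combination behaves before it is applied to a switch. This is an added example, not code from the Alcatel manual or the switch software. Assumptions: the class and function names are hypothetical, the decayed total carries over into the next minute, the division is integer division, the threshold is compared after decay, and the traffic for minutes 2 and 3 is constructed.

```python
from dataclasses import dataclass

@dataclass
class DosSettings:
    closed_penalty: int = 10    # TCP or UDP packet to a closed port
    tcp_open_penalty: int = 5   # TCP packet to an open port
    udp_open_penalty: int = 20  # UDP packet to an open port
    decay: int = 2
    threshold: int = 2000

class PortScanMonitor:
    """Hypothetical model of the penalty counter described in the text."""
    def __init__(self, settings):
        self.s = settings
        self.total = 0

    def minute(self, tcp_closed=0, udp_closed=0, tcp_open=0, udp_open=0):
        s = self.s
        raw = (self.total
               + (tcp_closed + udp_closed) * s.closed_penalty
               + tcp_open * s.tcp_open_penalty
               + udp_open * s.udp_open_penalty)
        # Assumptions: the decayed total carries into the next minute, the
        # division is integer division, and the threshold is checked after decay.
        self.total = raw // s.decay
        return {"raw": raw, "total": self.total,
                "trap": self.total > s.threshold}

def run(settings, traffic):
    """Return one result dict per minute of traffic."""
    monitor = PortScanMonitor(settings)
    return [monitor.minute(**counts) for counts in traffic]

def first_trap_minute(results):
    """1-based minute in which the trap first fires, or None."""
    return next((i for i, r in enumerate(results, 1) if r["trap"]), None)

# Minute 1 is the manual's example; minutes 2 and 3 are constructed.
TRAFFIC = [
    {"tcp_closed": 10, "udp_closed": 10},
    {"tcp_closed": 10, "udp_closed": 10, "udp_open": 100},
    {"tcp_closed": 10, "udp_closed": 10, "udp_open": 200},
]

if __name__ == "__main__":
    results = run(DosSettings(), TRAFFIC)
    for i, r in enumerate(results, 1):
        print(f"minute {i}: raw={r['raw']} total={r['total']} trap={r['trap']}")
    print("first trap in minute", first_trap_minute(results))
```

Under these assumptions minute 1 reproduces the manual's figures (200 before decay, 100 after, no trap), and the trap first fires in the constructed minute 3.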