Home » D-Link Manuals » Wireless » D-Link DXS-3400 » Manual Viewer

D-Link DXS-3400 User Manual - Page 377

DoS Attack Prevention Settings, Ping of Death Attack

Add to My Manuals
Save this manual to your list of manuals

Page 377 highlights

DXS-3400 Series Lite Layer 3 Stackable 10GbE Managed Switch Web UI Reference Guide The additional fields that can be configured in Storm Control Port Settingsare described below: Parameter KBPS Rise KBPS Low Description Enter the rise KBPS value used here. This option specifies the rise threshold value as a rate of kilobits per second at which traffic is received on the port. This value must be between 1and2147483647 Kbps. Enter the low KBPS value used here. This option specifies the low threshold value as a rate of kilobits per second at which traffic is received on the port. This value must be between 1and2147483647 Kbps. If the low KBPS is not specified, the default value is 80% of the specified risen KBPS. Click the Apply button to accept the changes made. After selecting the Leveloption as the Level Type, the following parameters are available. Figure 9-86Storm Control (Level Type - Level) Window The additional fields that can be configured in Storm Control Port Settingsare described below: Parameter Level Rise Level Low Description Enter the rise level value used here. This option specifies the rise threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 1%and 100%. Enter the low level value used here. This option specifies the low threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 1%and 100%. If the low level is not specified, the default value is 80% of the specified risen level. Click the Apply button to accept the changes made. DoS Attack Prevention Settings This window is used to display and configure the Denial-of-Service (DoS) attack prevention settings. The following well-known DoS types which can be detected by most Switches: • Land Attack: This type of attack involves IP packets where the source and destination address are set to the address of the target device. It may cause the target device to reply to itself continuously. • Blat Attack: This type of attack will send packets with the TCP/UDP source port equal to the destination port of the target device. It may cause the target device to respond to itself. • TCP-Null: This type of attack involves port scanning by using specific packets which contain a sequence number of 0 and no flags. • TCP-Xmas: This type of attack involves port scanning by using specific packets which contain a sequence number of 0 and the Urgent (URG), Push (PSH), and FIN flags. • TCPSYN-FIN: This type of attack involves port scanning by using specific packets which contain SYN and FIN flags. • TCP SYN SrcPort Less 1024: This type of attack involves port scanning by using specific packets which contain source port 0 to 1023 and SYN flag. • Ping of Death Attack: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise a malicious ping to a computer. A ping is normally 64 bytes in size (many computers cannot handle a 367

Section	Page
Table of Contents	3
Introduction	11
Intended Readers	11
Other Documentation	11
Typographical Conventions	11
Notes and Cautions	11
Web-based Switch Configuration	12
Management Options	12
Logging into the Web UI	12
Web User Interface (Web UI)	13
Areas of the User Interface	13
System	15
Device Information	15
System Information Settings	15
Peripheral Settings	16
Port Configuration	17
Port Settings	17
Port Status	20
Port GBIC	20
Port Auto Negotiation	21
Error Disable Settings	22
Jumbo Frame	23
Loopback Test	24
System Log	26
System Log Settings	26
System Log Discriminator Settings	27
System Log Server Settings	28
System Log	29
System Attack Log	29
Time and SNTP	30
Clock Settings	30
Time Zone Settings	30
SNTP Settings	32
Time Range	33
PTP (Precise Time Protocol)	34
PTP Global Settings	34
USB Console Settings	34
SRM	35
SRM Prefer Current Settings	35
SRM Prefer Mode	35
Management	37
Command Logging	37
User Account Settings	37
Password Encryption	39
Password Recovery	39
Login Method	40
SNMP	41
SNMP Global Settings	42
SNMP Linkchange Trap Settings	43
SNMP View Table Settings	44
SNMP Community Table Settings	45
SNMP Group Table Settings	46
SNMP Engine ID Local Settings	47
SNMP User Table Settings	47
SNMP Host Table Settings	49
RMON	50
RMON Global Settings	50
RMON Statistics Settings	50
RMON History Settings	51
RMON Alarm Settings	52
RMON Event Settings	53
Telnet/Web	54
Session Timeout	55
DHCP	56
Service DHCP	56
DHCP Class Settings	57
DHCP Server	58
DHCP Server Global Settings	58
DHCP Server Pool Settings	59
DHCP Server Exclude Address	62
DHCP Server Manual Binding	62
DHCP Server Dynamic Binding	63
DHCP Server IP Conflict	64
DHCP Server Statistic	64
DHCPv6 Server	65
DHCPv6 Server Pool Settings	65
DHCPv6 Server Local Pool Settings	67
DHCPv6 Server Exclude Address	67
DHCPv6 Server Binding	68
DHCPv6 Server Interface Settings	68
DHCPv6 Server Operational Information	69
DHCP Relay	69
DHCP Relay Global Settings	69
DHCP Relay Pool Settings	70
DHCP Relay Information Settings	72
DHCP Relay Information Option Format Settings	73
DHCP Relay Information Profile Settings	75
DHCP Local Relay VLAN	77
DHCPv6 Relay	78
DHCPv6 Relay Global Settings	78
DHCPv6 Relay Interface Settings	78
DHCPv6 Local Relay VLAN	79
DHCP Auto Configuration	80
DNS	80
DNS Global Settings	81
DNS Name Server Settings	81
DNS Host Settings	82
NTP	82
NTP Global Settings	82
NTP Server Settings	84
NTP Peer Settings	84
NTP Access Group Settings	85
NTP Key Settings	86
NTP Interface Settings	87
NTP Associations	88
NTP Status	89
IP Source Interface	89
File System	91
Stacking	92
Physical Stacking	96
Stacking Bandwidth	97
Virtual Stacking (SIM)	98
Single IP Settings	99
Topology	101
File	101
Print Topology	101
Preference	101
Group	102
Add to Group	102
Remove from Group	102
Device	103
Configure	103
View	103
Refresh	103
Topology	103
Help	105
About	105
Firmware Upgrade	106
Configuration File Backup/Restore	106
Upload Log File	107
D-Link Discovery Protocol	107
SMTP Settings	109
NLB FDB Settings	110
Layer 2 Features	112
FDB	112
Static FDB	112
Unicast Static FDB	112
Multicast Static FDB	113
MAC Address Table Settings	113
MAC Address Table	115
MAC Notification	116
VLAN	117
VLAN Configuration Wizard	117
Step 1 -Select VLAN	117
Step 2 - Create/Configure VLAN	117
802.1Q VLAN	119
VLAN Interface	120
802.1v Protocol VLAN	128
Protocol VLAN Profile	128
Protocol VLAN Profile Interface	129
GVRP	130
GVRP Global	130
GVRP Port	130
GVRP Advertise VLAN	131
GVRP Forbidden VLAN	132
GVRP Statistics Table	132
Asymmetric VLAN	133
MAC VLAN	133
L2VLAN Interface Description	134
Subnet VLAN	134
Auto Surveillance VLAN	135
Auto Surveillance Properties	135
MAC Settings and Surveillance Device	137
Voice VLAN	138
Voice VLAN Global	138
Voice VLAN Port	139
Voice VLAN OUI	140
Voice VLAN Device	140
Voice VLAN LLDP-MED Device	141
Private VLAN	141
VLAN Tunnel	142
Dot1q Tunnel	142
VLAN Mapping	144
VLAN Mapping Profile	145
STP	151
STP Global Settings	151
STP Port Settings	152
MST Configuration Identification	154
STP Instance	155
MSTP Port Information	156
ERPS (G.8032)	157
ERPS	157
ERPS Profile	161
Loopback Detection	162
Link Aggregation	164
MLAG	166
MLAG Settings	167
MLAG Group	169
Flex Links	169
L2 Protocol Tunnel	170
L2 Multicast Control	171
IGMP Snooping	171
IGMP Snooping Settings	172
IGMP Snooping AAA Settings	174
IGMP Snooping Groups Settings	175
IGMP Snooping Filter Settings	176
IGMP Snooping Mrouter Settings	179
IGMP Snooping Statistics Settings	180
MLD Snooping	181
MLD Snooping Settings	181
MLD Snooping Groups Settings	184
MLD Snooping Filter Settings	185
MLD Snooping Mrouter Settings	188
MLD Snooping Statistics Settings	189
Multicast VLAN	190
Multicast VLAN Settings	190
Multicast VLAN Group Settings	192
PIM Snooping	194
PIM Snooping Global Settings	194
PIM Snooping Neighbor Table	195
PIM Snooping Mroute Table	195
PIM Snooping Statistics Table	196
Multicast Filtering	196
LLDP	197
LLDP Global Settings	197
LLDP Port Settings	199
LLDP Management Address List	200
LLDP Basic TLVs Settings	200
LLDP Dot1 TLVs Settings	201
LLDP Dot3 TLVs Settings	202
LLDP-MED Port Settings	203
LLDP-DCBX Port Settings	203
LLDP Statistics Information	204
LLDP Local Port Information	205
LLDP Neighbor Port Information	207
Layer 3 Features	208
ARP	208
ARP Aging Time	208
Static ARP	208
Proxy ARP	209
ARP Table	210
Gratuitous ARP	210
IPv6 Neighbor	211
Interface	212
IPv4 Interface	212
IPv6 Interface	214
Loopback Interface	217
Null Interface	219
UDP Helper	219
IP Forward Protocol	219
IP Helper Address	220
IPv4 Static/Default Route	220
IPv4 Static Route BFD	221
IPv4 Route Table	222
IPv6 Static/Default Route	223
IPv6 Static Route BFD	223
IPv6 Route Table	224
Route Preference	225
IPv6 General Prefix	225
RIP	226
RIP Settings	226
RIP Distribute List	227
RIP Interface Settings	228
RIP Database	228
RIPng	229
RIPng Settings	229
RIPng Interface Settings	230
RIPng Database	231
IP Multicast Routing Protocol	232
IPMC	232
IP Multicast Global Settings	232
IP Multicast Forwarding Cache	232
Control Packet CPU Filtering	233
IPv6MC	234
IPv6 Multicast Routing Forwarding Cache Table	234
BFD	234
BFD Settings	234
BFD Neighbor Table	235
IP Route Filter	236
Route Map	236
Policy Route	238
VRRP Settings	239
VRRPv3 Settings	241
Quality of Service (QoS)	244
Basic Settings	244
Port Default CoS	244
Port Scheduler Method	244
Queue Settings	246
CoS to Queue Mapping	246
Port Rate Limiting	247
Queue Rate Limiting	248
Advanced Settings	249
DSCP Mutation Map	249
Port Trust State and Mutation Binding	250
DSCP CoS Mapping	250
CoS Color Mapping	251
DSCP Color Mapping	252
Class Map	253
Aggregate Policer	254
Policy Map	258
Policy Binding	261
QoS PFC	262
Network QoS Class Map	262
Network QoS Policy Map	263
Network QoS Policy Binding	264
PFC Port Settings	265
WRED	266
WRED Profile	266
WRED Queue	267
WRED Drop Counter	268
ETS	268
ETS Port Settings	268
ETS Recommend Settings	270
QCN	271
QCN CNPV Status	271
QCN CNPV Settings	271
QCN CNPV Interface Settings	273
QCN CNPV Interface Simple	274
QCN CP Interface Settings	275
QCN CP Counters	276
QCN CPID Table	276
iSCSI	277
iSCSI Settings	277
iSCSI Sessions	278
Access Control List (ACL)	279
ACL Configuration Wizard	279
Step 1 - Create/Update	279
Step 2 - Select Packet Type	280
Step 3 - Add Rule	280
MAC	280
IPv4	283
IPv6	286
Step 4 - Apply Port	288
ACL Access List	289
Standard IP ACL	291
Extended IP ACL	292
Standard IPv6 ACL	295
Extended IPv6 ACL	296
Extended MAC ACL	298
Extended Expert ACL	300
ACL Interface Access Group	304
ACL VLAN Access Map	305
ACL VLAN Filter	307
CPU ACL	307
Security	310
Port Security	310
Port Security Global Settings	310
Port Security Port Settings	311
Port Security Address Entries	313
802.1X	313
802.1X Global Settings	318
802.1X Port Settings	318
Authentication Sessions Information	320
Authenticator Statistics	320
Authenticator Session Statistics	321
Authenticator Diagnostics	321
AAA	322
AAA Global Settings	322
Application Authentication Settings	323
Application Accounting Settings	324
Authentication Settings	325
Accounting Settings	328
RADIUS	330
RADIUS Global Settings	330
RADIUS Server Settings	331
RADIUS Group Server Settings	332
RADIUS Statistic	334
TACACS+	334
TACACS+ Global Settings	334
TACACS+ Server Settings	335
TACACS+ Group Server Settings	336
TACACS+ Statistic	337
IMPB	338
IPv4	338
DHCPv4 Snooping	338
DHCP Snooping Global Settings	338
DHCP Snooping Port Settings	339
DHCP Snooping VLAN Settings	340
DHCP Snooping Database	340
DHCP Snooping Binding Entry	341
Dynamic ARP Inspection	342
ARP Access List	342
ARP Inspection Settings	343
ARP Inspection Port Settings	344
ARP Inspection VLAN	345
ARP Inspection Statistics	345
ARP Inspection Log	346
IP Source Guard	346
IP Source Guard Port Settings	346
IP Source Guard Binding	347
IP Source Guard HW Entry	348
Advanced Settings	348
IP-MAC-Port Binding Settings	348
IP-MAC-Port Binding Blocked Entry	349
IPv6	350
IPv6 Snooping	350
IPv6 ND Inspection	351
IPv6 RA Guard	352
IPv6 DHCP Guard	353
IPv6 Source Guard	354
IPv6 Source Guard Settings	354
IPv6 Neighbor Binding	355
DHCP Server Screening	356
DHCP Server Screening Global Settings	356
DHCP Server Screening Port Settings	357
ARP Spoofing Prevention	357
BPDU Attack Protection	358
NetBIOS Filtering	359
MAC Authentication	360
Web-based Access Control	362
Web Authentication	364
WAC Port Settings	364
WAC Customize Page	365
Network Access Authentication	366
Guest VLAN	366
Network Access Authentication Global Settings	366
Network Access Authentication Port Settings	368
Network Access Authentication Sessions Information	369
Safeguard Engine	370
Safeguard Engine Settings	371
CPU Protect Counters	372
CPU Protect Sub-Interface	372
CPU Protect Type	373
Trusted Host	374
Traffic Segmentation Settings	374
Storm Control	375
DoS Attack Prevention Settings	377
SSH	379
SSH Global Settings	379
Host Key	380
SSH Server Connection	381
SSH User Settings	381
SSH Client Settings	382
SSL	382
SSL Global Settings	383
Crypto PKI Trustpoint	384
SSL Service Policy	384
SFTP Server Settings	386
OAM	388
CFM	388
CFM Settings	388
CFM Port Settings	398
CFM Loopback Test	399
CFM Linktrace Settings	400
CFM Packet Counter	401
CFM Counter CCM	402
CFM MIP CCM Table	402
CFM MEP Fault Table	402
Cable Diagnostics	402
Ethernet OAM	403
Ethernet OAM Settings	403
Ethernet OAM Configuration Settings	405
Ethernet OAM Event Log Table	408
Ethernet OAM Statistics Table	408
Ethernet OAM DULD Settings	409
DDM	410
DDM Settings	411
DDM Temperature Threshold Settings	412
DDM Voltage Threshold Settings	412
DDM Bias Current Threshold Settings	413
DDM TX Power Threshold Settings	413
DDM RX Power Threshold Settings	414
DDM Status Table	415
Monitoring	416
VLAN Counter	416
Utilization	417
Port Utilization	417
History Utilization	418
Statistics	419
Port	419
CPU Port	420
Interface Counters	421
Interface History Counters	423
Counters	425
Mirror Settings	427
sFlow	429
sFlow Agent Information	429
sFlow Receiver Settings	430
sFlow Sampler Settings	430
sFlow Poller Settings	431
Device Environment	432
External Alarm Settings	432
Green	434
Power Saving	434
EEE	435
Save and Tools	437
Save Configuration	437
Firmware Upgrade & Backup	437
Firmware Upgrade from HTTP	437
Firmware Upgrade from TFTP	438
Firmware Upgrade from FTP	438
Firmware Upgrade from RCP	439
Firmware Backup to HTTP	440
Firmware Backup to TFTP	440
Firmware Backup to FTP	441
Firmware Backup to RCP	442
Configuration Restore & Backup	442
Configuration Restore from HTTP	442
Configuration Restore from TFTP	443
Configuration Restore from FTP	443
Configuration Restore from RCP	444
Configuration Backup to HTTP	445
Configuration Backup to TFTP	445
Configuration Backup to FTP	446
Configuration Backup to RCP	447
Log Backup	448
Log Backup to HTTP	448
Log Backup to TFTP	448
Log Backup to RCP	449
Ping	449

Match case Limit results 1 per page

DXS-3400 Series Lite Layer 3 Stackable 10GbE Managed Switch Web UI Reference Guide

367

The additional fields that can be configured in

Storm Control Port Settings

are described below:

Parameter

Description

KBPS Rise

Enter the rise KBPS value used here. This option specifies the rise threshold

value as a rate of kilobits per second at which traffic is received on the port. This

value must be between 1and2147483647 Kbps.

KBPS Low

Enter the low KBPS value used here. This option specifies the low threshold value

as a rate of kilobits per second at which traffic is received on the port. This value

must be between 1and2147483647 Kbps. If the low KBPS is not specified, the

default value is 80% of the specified risen KBPS.

Click the

Apply

button to accept the changes made.

After selecting the

Level

option as the

Level Type

, the following parameters are available.

Figure 9-86Storm Control (Level Type - Level) Window

The additional fields that can be configured in

Storm Control Port Settings

are described below:

Parameter

Description

Level Rise

Enter the rise level value used here. This option specifies the rise threshold value

as a percentage of the total bandwidth per port at which traffic is received on the

port. This value must be between 1%and 100%.

Level Low

Enter the low level value used here. This option specifies the low threshold value

as a percentage of the total bandwidth per port at which traffic is received on the

port. This value must be between 1%and 100%. If the low level is not specified,

the default value is 80% of the specified risen level.

Click the

Apply

button to accept the changes made.

DoS Attack Prevention Settings

This window is used to display and configure the Denial-of-Service (DoS) attack prevention settings. The following

well-known DoS types which can be detected by most Switches:

•

Land Attack:

This type of attack involves IP packets where the source and destination address are set to the

address of the target device. It may cause the target device to reply to itself continuously.

•

Blat Attack

: This type of attack will send packets with the TCP/UDP source port equal to the destination port of

the target device. It may cause the target device to respond to itself.

•

TCP-Null:

This type of attack involves port scanning by using specific packets which contain a sequence

number of 0 and no flags.

•

TCP-Xmas:

This type of attack involves port scanning by using specific packets which contain a sequence

number of 0 and the Urgent (URG), Push (PSH), and FIN flags.

•

TCPSYN-FIN:

This type of attack involves port scanning by using specific packets which contain SYN and FIN

flags.

•

TCP SYN SrcPort Less 1024:

This type of attack involves port scanning by using specific packets which

contain source port 0 to 1023 and SYN flag.

•

Ping of Death Attack:

A ping of death is a type of attack on a computer that involves sending a malformed or

otherwise a malicious ping to a computer. A ping is normally 64 bytes in size (many computers cannot handle a