Netgear GSM7252PS ProSafe Managed Switch Web Management User Manual - Page 466
Port Authentication, Denial of Service Max ICMP Packet Size
UPC - 606449071665
ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual

1. Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed. If DoS TCP Fragment is enabled, the switch will drop these packets:
   • First TCP fragments that have a TCP payload - IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size.
   The factory default is disabled.
2. Use Denial of Service L4 Port to enable L4 Port DoS prevention, causing the switch to drop packets that have a source TCP/UDP port number equal to the destination TCP/UDP port number. The factory default is disabled.
3. Use Denial of Service First Fragment to enable First Fragment DoS prevention, causing the switch to check DoS options on first fragment IP packets when the switch is receiving fragmented IP packets. Otherwise, the switch ignores the first fragment IP packets. The factory default is disabled.
4. Use Denial of Service ICMP to enable ICMP DoS prevention, causing the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. The factory default is disabled.
5. Use Denial of Service Max ICMP Packet Size to specify the Max ICMP Packet Size allowed (this includes the ICMP header size of 8 bytes). If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater than this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512.
6. Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention, causing the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled.
7. Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention, causing the switch to drop these packets:
   • TCP SYN flag = 1 & source port < 1024
   • TCP control flag = 0 & sequence number = 0
   • TCP FIN, URG, PSH bits set & sequence number = 0
   • TCP SYN & FIN bits set
   The factory default is disabled.
8. Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention, causing the switch to drop packets:
   • First TCP fragments that have a TCP payload - IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size.
   The factory default is disabled.

Port Authentication

In port-based authentication mode, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode.

466 | Chapter 6. Managing Device Security
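The following is an added example, not code from the manual or from Netgear: a small Python model of the L4 Port, ICMP, SIP=DIP and TCP FLAG drop rules listed above, useful for checking which traffic would be dropped before enabling an option. The `Pkt` record, the option-name strings and the sample packets are constructed for illustration, and the ICMP check assumes the comparison is payload size against Max ICMP Packet Size minus 8, as item 5 words it.

```python
from dataclasses import dataclass

SYN, FIN, PSH, URG = 0x02, 0x01, 0x08, 0x20  # standard TCP control bits

@dataclass
class Pkt:                 # hypothetical parsed-header record, not a switch structure
    proto: str             # "tcp", "udp" or "icmp"
    sip: str
    dip: str
    sport: int = 0
    dport: int = 0
    flags: int = 0         # TCP control bits
    seq: int = 0
    icmp_type: int = 0     # 8 = echo request (ping)
    icmp_payload: int = 0  # bytes after the 8-byte ICMP header

def dos_verdicts(p, enabled, max_icmp_size=512):
    """Return the enabled DoS options (by manual name) that would drop packet p."""
    hits = []
    if "SIP=DIP" in enabled and p.sip == p.dip:
        hits.append("SIP=DIP")
    if "L4 Port" in enabled and p.proto in ("tcp", "udp") and p.sport == p.dport:
        hits.append("L4 Port")
    if "ICMP" in enabled and p.proto == "icmp" and p.icmp_type == 8:
        # Assumption: payload is compared against (max size - 8-byte header).
        if p.icmp_payload > max_icmp_size - 8:
            hits.append("ICMP")
    if "TCP FLAG" in enabled and p.proto == "tcp":
        fup = FIN | URG | PSH
        if ((p.flags & SYN and p.sport < 1024)
                or (p.flags == 0 and p.seq == 0)
                or ((p.flags & fup) == fup and p.seq == 0)
                or (p.flags & SYN and p.flags & FIN)):
            hits.append("TCP FLAG")
    return hits

ALL = {"SIP=DIP", "L4 Port", "ICMP", "TCP FLAG"}
SAMPLES = {  # constructed packets; addresses are from documentation ranges
    "syn_fin": Pkt("tcp", "192.0.2.10", "198.51.100.5", 40000, 80, SYN | FIN, 1),
    "no_flags": Pkt("tcp", "192.0.2.10", "198.51.100.5", 40000, 80, 0, 0),
    "big_ping": Pkt("icmp", "192.0.2.10", "198.51.100.5", icmp_type=8, icmp_payload=505),
    "ok_ping": Pkt("icmp", "192.0.2.10", "198.51.100.5", icmp_type=8, icmp_payload=504),
    "ntp_123": Pkt("udp", "192.0.2.10", "198.51.100.5", 123, 123),  # NTP often uses 123 on both ends
    "normal_syn": Pkt("tcp", "192.0.2.10", "198.51.100.5", 40000, 443, SYN, 1000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {dos_verdicts(pkt, ALL) or 'forward'}")
```

The `ntp_123` sample shows why the L4 Port option deserves a check against real traffic first: protocols that legitimately use the same source and destination port would be dropped.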