Home » D-Link Manuals » Wireless » D-Link DGS-1510 » Manual Viewer

D-Link DGS-1510 User Manual - Page 359

DoS Attack Prevention Settings, TCP SYN SrcPort Less 1024

Add to My Manuals
Save this manual to your list of manuals

Page 359 highlights

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide After selecting the Level option as the Level Type, the following parameters are available. Figure 9-87 Storm Control (Level) Window The fields that can be configured are described below: Parameter Level Rise Level Low Description Enter the rise level value used here. This option specifies the rise threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 0% and 100%. Enter the low-level value used here. This option specifies the low threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 0% and 100%. If the low level is not specified, the default value is 80% of the specified risen level. Click the Apply button to accept the changes made. DoS Attack Prevention Settings This window is used to view and configure the Denial-of-Service (DoS) attack prevention settings. The following well-known DoS types, which can be detected by most switches: • Land Attack: This type of attack involves IP packets where the source and destination address are set to the address of the target device. It may cause the target device to reply to itself continuously. • Blat Attack: This type of attack will send packets with the TCP/UDP source port equal to the destination port of the target device. It may cause the target device to respond to itself. • TCP-Null: This type of attack involves port scanning by using specific packets, which contain a sequence number of 0 and no flags. • TCP-Xmas: This type of attack involves port scanning by using specific packets, which contain a sequence number of 0 and the Urgent (URG), Push (PSH), and FIN flags. • TCP SYN-FIN: This type of attack involves port scanning by using specific packets, which contain SYN and FIN flags. • TCP SYN SrcPort Less 1024: This type of attack involves port scanning by using specific packets, which contain source port 0 to 1023, and SYN flag. • Ping of Death Attack: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise a malicious ping to a computer. A ping is normally 64 bytes in size (many computers cannot handle a ping larger than the maximum IP packet size) which is 65535 bytes. The sending of a ping of this size can crash the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. • TCP Tiny Fragment Attack: The Tiny TCP Fragment attacker uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment to pass through the check function of the router and issue an attack. • All Types: All of above types. 348

Section	Page
Table of Contents	3
1. Introduction	12
Audience	12
Other Documentation	12
Conventions	12
Notes, Notices, and Cautions	12
2. Web-based Switch Configuration	13
Management Options	13
Connecting using the Web UI	13
Logging onto the Web UI	14
Smart Wizard	15
Step 1 - Web Mode	15
Step 2 - System IP Information	16
Step 3 - User Accounts Settings	17
Step 4 - SNMP Settings	18
Web User Interface (Web UI)	20
Areas of the User Interface	20
Standard Mode	20
Surveillance Mode	21
3. System	23
Device Information	23
System Information Settings	23
Peripheral Settings	24
Port Configuration	25
Port Settings	25
Port Status	27
Port GBIC	27
Port Auto Negotiation	28
Error Disable Settings	28
Jumbo Frame	29
Interface Description	30
PoE (PoE Switches Only)	30
PoE System	31
PoE Status	32
PoE Configuration	33
PD Alive	34
PoE Statistics	35
PoE Measurement	36
PoE LLDP Classification	37
System Log	38
System Log Settings	38
System Log Discriminator Settings	40
System Log Server Settings	41
System Log	41
System Attack Log	42
Time and SNTP	42
Clock Settings	42
Time Zone Settings	43
SNTP Settings	44
Time Range	45
4. Management	47
User Account Settings	47
Password Encryption	49
Login Method	49
SNMP	50
SNMP Global Settings	52
SNMP Linkchange Trap Settings	53
SNMP View Table Settings	54
SNMP Community Table Settings	54
SNMP Group Table Settings	56
SNMP Engine ID Local Settings	57
SNMP User Table Settings	57
SNMP Host Table Settings	58
RMON	59
RMON Global Settings	59
RMON Statistics Settings	60
RMON History Settings	61
RMON Alarm Settings	62
RMON Event Settings	63
Telnet/Web	64
Session Timeout	65
DHCP	66
Service DHCP	66
DHCP Class Settings	66
DHCP Server	67
DHCP Server Global Settings	68
DHCP Server Pool Settings	69
DHCP Server Exclude Address	71
DHCP Server Manual Binding	72
DHCP Server Dynamic Binding	73
DHCP Server IP Conflict	73
DHCP Server Statistic	74
DHCPv6 Server	75
DHCPv6 Server Pool Settings	75
DHCPv6 Server Local Pool Settings	77
DHCPv6 Server Exclude Address	77
DHCPv6 Server Binding	78
DHCPv6 Server Interface Settings	79
DHCPv6 Server Operational Information	80
DHCP Relay	80
DHCP Relay Global Settings	80
DHCP Relay Pool Settings	80
DHCP Relay Information Settings	83
DHCP Relay Information Option Format Settings	84
DHCP Relay Information Profile Settings	85
DHCP Local Relay VLAN	88
DHCPv6 Relay	88
DHCPv6 Relay Global Settings	88
DHCPv6 Relay Interface Settings	89
DHCP Auto Configuration	90
DNS	90
DNS Global Settings	91
DNS Name Server Settings	91
DNS Host Settings	92
NTP	93
NTP Global Settings	93
NTP Server Settings	94
NTP Peer Settings	95
NTP Access Group Settings	96
NTP Key Settings	97
NTP Interface Settings	98
NTP Associations	98
NTP Status	99
IP Source Interface	99
File System	100
Physical Stacking	101
Virtual Stacking (SIM)	105
Single IP Settings	108
Topology	109
File	109
Print Topology	109
Preference	110
Group	110
Add to Group	110
Remove from Group	111
Device	111
Configure	111
View	111
Refresh	111
Topology	111
Help	114
About	114
Firmware Upgrade	114
Configuration File Backup/Restore	115
Upload Log File	115
D-Link Discovery Protocol	116
5. Layer 2 Features	117
FDB	117
Static FDB	117
Unicast Static FDB	117
Multicast Static FDB	118
MAC Address Table Settings	118
MAC Address Table	120
MAC Notification	121
VLAN	122
VLAN Configuration Wizard	122
Create/Configure VLAN	122
Create VLAN	123
Configure VLAN	124
802.1Q VLAN	125
VLAN Interface	126
VLAN Interface Settings	126
Port Summary	129
802.1v Protocol VLAN	129
Protocol VLAN Profile	129
Protocol VLAN Profile Interface	130
GVRP	130
GVRP Global	130
GVRP Port	131
GVRP Advertise VLAN	132
GVRP Forbidden VLAN	133
GVRP Statistics Table	134
Asymmetric VLAN	134
MAC VLAN	135
L2VLAN Interface Description	136
Auto Surveillance VLAN	136
Auto Surveillance Properties	136
MAC Settings and Surveillance Device	138
ONVIF IP-Camera Information	139
ONVIF NVR Information	140
Voice VLAN	141
Voice VLAN Global	141
Voice VLAN Port	143
Voice VLAN OUI	144
Voice VLAN Device	144
Voice VLAN LLDP-MED Device	145
STP	145
STP Global Settings	147
STP Port Settings	149
MST Configuration Identification	150
STP Instance	152
MSTP Port Information	152
ERPS (G.8032)	153
ERPS	153
ERPS Profile	156
Loopback Detection	157
Link Aggregation	159
L2 Multicast Control	162
IGMP Snooping	162
IGMP Snooping Settings	162
IGMP Snooping Groups Settings	165
IGMP Snooping Mrouter Settings	166
IGMP Snooping Statistics Settings	167
MLD Snooping	168
MLD Snooping Settings	169
MLD Snooping Groups Settings	171
MLD Snooping Mrouter Settings	172
MLD Snooping Statistics Settings	173
Multicast Filtering	174
LLDP	175
LLDP Global Settings	175
LLDP Port Settings	177
LLDP Management Address List	178
LLDP Basic TLVs Settings	178
LLDP Dot1 TLVs Settings	180
LLDP Dot3 TLVs Settings	181
LLDP-MED Port Settings	182
LLDP Statistics Information	183
LLDP Local Port Information	184
LLDP Neighbor Port Information	185
6. Layer 3 Features	187
ARP	187
ARP Aging Time	187
Static ARP	188
Proxy ARP	188
ARP Table	189
Gratuitous ARP	190
UDP Helper	191
IP Forward Protocol	191
IP Helper Address	191
IPv4 Interface	192
IPv4 Static/Default Route	194
IPv4 Route Table	195
IPv6 Interface	196
IPv6 Neighbor	200
IPv6 Static/Default Route	200
IPv6 Route Table	201
IPMC	202
IP Multicast Global Settings	202
IP Multicast Forwarding Cache	202
7. Quality of Service (QoS)	203
Basic Settings	203
Port Default CoS	203
Port Scheduler Method	204
Queue Settings	205
CoS to Queue Mapping	206
Port Rate Limiting	207
Queue Rate Limiting	208
Advanced Settings	209
DSCP Mutation Map	209
Port Trust State and Mutation Binding	210
DSCP CoS Mapping	211
CoS Color Mapping	212
DSCP Color Mapping	213
Class Map	214
Aggregate Policer	215
Policy Map	218
Policy Binding	221
8. Access Control List (ACL)	222
ACL Configuration Wizard	222
ACL Access List	241
Standard IP ACL	242
Extended IP ACL	245
Standard IPv6 ACL	254
Extended IPv6 ACL	258
Extended MAC ACL	266
Extended Expert ACL	270
ACL Interface Access Group	282
ACL VLAN Access Map	283
ACL VLAN Filter	284
9. Security	286
Port Security	286
Port Security Global Settings	286
Port Security Port Settings	287
Port Security Address Entries	288
802.1X	289
802.1X Global Settings	293
802.1X Port Settings	294
Authentication Session Information	295
Authenticator Statistics	296
Authenticator Session Statistics	296
Authenticator Diagnostics	297
AAA	297
AAA Global Settings	297
Application Authentication Settings	298
Application Accounting Settings	298
Authentication Settings	299
Accounting Settings	301
Server RADIUS Dynamic Author Settings	303
RADIUS	304
RADIUS Global Settings	304
RADIUS Server Settings	305
RADIUS Group Server Settings	306
RADIUS Statistic	307
TACACS+	308
TACACS+ Global Settings	308
TACACS+ Server Settings	309
TACACS+ Group Server Settings	310
TACACS+ Statistic	311
IMPB	311
IPv4	312
DHCPv4 Snooping	312
DHCP Snooping Global Settings	312
DHCP Snooping Port Settings	313
DHCP Snooping VLAN Settings	314
DHCP Snooping Database	314
DHCP Snooping Binding Entry	315
Dynamic ARP Inspection	316
ARP Access List	316
ARP Inspection Settings	317
ARP Inspection Port Settings	319
ARP Inspection VLAN	320
ARP Inspection Statistics	320
ARP Inspection Log	321
IP Source Guard	321
IP Source Guard Port Settings	321
IP Source Guard Binding	322
IP Source Guard HW Entry	323
Advanced Settings	324
IP-MAC-Port Binding Settings	324
IP-MAC-Port Binding Blocked Entry	325
IPv6	326
IPv6 Snooping	326
IPv6 ND Inspection	327
IPv6 RA Guard	328
IPv6 DHCP Guard	328
IPv6 Source Guard	329
IPv6 Source Guard Settings	329
IPv6 Neighbor Binding	330
DHCP Server Screening	331
DHCP Server Screening Global Settings	331
DHCP Server Screening Port Settings	332
ARP Spoofing Prevention	333
BPDU Attack Protection	334
MAC Authentication	335
Web-based Access Control	336
Web Authentication	338
WAC Port Settings	339
WAC Customize Page	340
Japanese Web-based Access Control	341
JWAC Global Settings	341
JWAC Port Settings	343
JWAC Customize Page Language	344
JWAC Customize Page	345
Network Access Authentication	346
Guest VLAN	346
Network Access Authentication Global Settings	347
Network Access Authentication Port Settings	349
Network Access Authentication Sessions Information	350
Safeguard Engine	351
Safeguard Engine Settings	352
CPU Protect Counters	353
CPU Protect Sub-Interface	353
CPU Protect Type	354
Trusted Host	355
Traffic Segmentation Settings	355
Storm Control Settings	357
DoS Attack Prevention Settings	359
SSH	360
SSH Global Settings	361
Host Key	362
SSH Server Connection	362
SSH User Settings	363
SSL	363
SSL Global Settings	364
Crypto PKI Trustpoint	365
SSL Service Policy	366
Network Protocol Port Protection Settings	367
10. OAM	368
Cable Diagnostics	368
DDM	368
DDM Settings	369
DDM Temperature Threshold Settings	370
DDM Voltage Threshold Settings	370
DDM Bias Current Threshold Settings	371
DDM TX Power Threshold Settings	372
DDM RX Power Threshold Settings	372
DDM Status Table	373
11. Monitoring	374
Utilization	374
Port Utilization	374
Statistics	375
Port	375
Port Counters	377
Counters	378
Mirror Settings	379
sFlow	381
sFlow Agent Information	381
sFlow Receiver Settings	382
sFlow Sampler Settings	383
sFlow Poller Settings	384
Device Environment	384
12. Green	385
Power Saving	385
EEE	387
13. Toolbar	388
Save	388
Save Configuration	388
Tools	388
Firmware Upgrade & Backup	388
Firmware Upgrade from HTTP	388
Firmware Upgrade from TFTP	389
Firmware Backup to HTTP	389
Firmware Backup to TFTP	390
Configuration Restore & Backup	391
Configuration Restore from HTTP	391
Configuration Restore from TFTP	391
Configuration Backup to HTTP	392
Configuration Backup to TFTP	393
Log Backup	393
Log Backup to HTTP	393
Log Backup to TFTP	394
Ping	395
Trace Route	397
Language Management	399
Reset	399
Reboot System	400
Wizard	400
Online Help	400
D-Link Support Site	400
User Guide	400
Surveillance Mode	401
Logout	401
14. Surveillance Mode	402
Surveillance Overview	402
Surveillance Topology	402
Device Information	406
Port Information	407
Group Details	408
IP-Camera Information	409
NVR Information	410
PoE Information	412
PoE Scheduling	413
Management	414
File System	414
Time	416
Clock Settings	416
SNTP Settings	417
Surveillance Settings	418
Surveillance Log	419
Health Diagnostic	420
Toolbar	421
Wizard	421
Tools	421
Firmware Upgrade & Backup	421
Firmware Upgrade from HTTP	421
Firmware Backup to HTTP	422
Configuration Restore & Backup	422
Configuration Restore from HTTP	422
Configuration Backup to HTTP	423
Language Management	423
Reset	424
Reboot System	424
Save	425
Save Configuration	425
Help	425
Online Help	426
D-Link Support Site	426
User Guide	426
Standard Mode	426
Logout	426
Appendix A - System Log Entries	427
802.1X	427
AAA	427
ARP Spoofing Prevention	430
Auto Save Configuration	430
Auto Surveillance VLAN	430
BPDU Attack Protection	431
Configuration/Firmware	431
DAI	434
DDM	435
DHCPv6 Client	435
DHCPv6 Relay	436
DNS Resolver	437
DoS Prevention	437
ErrDisable	437
Interface	438
JWAC	438
LACP	439
LBD	439
LLDP-MED	440
Login/Logout CLI	441
MAC-based Access Control	443
MSTP Debug Enhancement	444
Peripheral	446
PoE	447
Port Security	448
Safeguard	448
SNMP	448
SSH	448
Stacking	448
Storm Control	450
System Log Summary	450
Telnet	451
Voice-VLAN	451
Web	452
Web-Authentication	453
Appendix B - Trap Entries	454
802.1X	454
Authentication Fail	454
BPDU Attack Protection	454
DDM	454
DHCP Server Screen Prevention	455
DoS Prevention	455
ErrDisable	455
General Management	456
Gratuitous ARP Function	456
IMPB	456
LACP	456
LBD	457

Match case Limit results 1 per page

DGS-1510 Series Gigabit Ethernet SmartPro Switch Web UI Reference Guide

348

After selecting the

Level

option as the

Level Type

, the following parameters are available.

Figure 9-87 Storm Control (Level) Window

The fields that can be configured are described below:

Parameter

Description

Level Rise

Enter the rise level value used here. This option specifies the rise

threshold value as a percentage of the total bandwidth per port at

which traffic is received on the port. This value must be between

0% and 100%.

Level Low

Enter the low-level value used here. This option specifies the low

threshold value as a percentage of the total bandwidth per port at

which traffic is received on the port. This value must be between

0% and 100%. If the low level is not specified, the default value is

80% of the specified risen level.

Click the

Apply

button to accept the changes made.

DoS Attack Prevention Settings

This window is used to view and configure the Denial-of-Service (DoS) attack prevention settings. The

following well-known DoS types, which can be detected by most switches:

•

Land Attack:

This type of attack involves IP packets where the source and destination address

are set to the address of the target device. It may cause the target device to reply to itself

continuously.

•

Blat Attack

: This type of attack will send packets with the TCP/UDP source port equal to the

destination port of the target device. It may cause the target device to respond to itself.

•

TCP-Null:

This type of attack involves port scanning by using specific packets, which contain a

sequence number of 0 and no flags.

•

TCP-Xmas:

This type of attack involves port scanning by using specific packets, which contain

a sequence number of 0 and the Urgent (URG), Push (PSH), and FIN flags.

•

TCP SYN-FIN:

This type of attack involves port scanning by using specific packets, which

contain SYN and FIN flags.

•

TCP SYN SrcPort Less 1024:

This type of attack involves port scanning by using specific

packets, which contain source port 0 to 1023, and SYN flag.

•

Ping of Death Attack:

A ping of death is a type of attack on a computer that involves sending

a malformed or otherwise a malicious ping to a computer. A ping is normally 64 bytes in size

(many computers cannot handle a ping larger than the maximum IP packet size) which is

65535 bytes. The sending of a ping of this size can crash the target computer. Traditionally, this

bug has been relatively easy to exploit. Generally, sending a 65536 byte ping packet is illegal

according to networking protocol, but a packet of such a size can be sent if it is fragmented;

when the target computer reassembles the packet, a buffer overflow can occur, which often

causes a system crash.

•

TCP Tiny Fragment Attack:

The Tiny TCP Fragment attacker uses IP fragmentation to create

extremely small fragments and force the TCP header information into a separate packet

fragment to pass through the check function of the router and issue an attack.

•

All Types:

All of above types.