Home » D-Link Manuals » Wireless » D-Link DGS-3630 » Manual Viewer

D-Link DGS-3630 User Manual 1 - Page 567

DoS Attack Prevention Settings, TCP SYN SrcPort Less 1024

Add to My Manuals
Save this manual to your list of manuals

Page 567 highlights

DGS-3630 Series Layer 3 Stackable Managed Switch Web UI Reference Guide Parameter Description This value must be between 1 and 2147483647 Kbps. If the low KBPS is not specified, the default value is 80% of the specified risen KBPS. Click the Apply button to accept the changes made. After selecting the Level option as the Level Type, the following parameters are available. Figure 9-91 Storm Control Settings (Level Type - Level) Window The additional fields that can be configured in Storm Control Port Settings are described below: Parameter Level Rise Level Low Description Enter the rise level value used here. This option specifies the rise threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 1% and 100%. Enter the low level value used here. This option specifies the low threshold value as a percentage of the total bandwidth per port at which traffic is received on the port. This value must be between 1% and 100%. If the low level is not specified, the default value is 80% of the specified risen level. Click the Apply button to accept the changes made. DoS Attack Prevention Settings This window is used to display and configure the Denial-of-Service (DoS) attack prevention settings. The following well-known DoS types which can be detected by most Switches: • Land Attack: This type of attack involves IP packets where the source and destination address are set to the address of the target device. It may cause the target device to reply to itself continuously. • Blat Attack: This type of attack will send packets with the TCP/UDP source port equal to the destination port of the target device. It may cause the target device to respond to itself. • TCP-Null: This type of attack involves port scanning by using specific packets which contain a sequence number of 0 and no flags. • TCP-Xmas: This type of attack involves port scanning by using specific packets which contain a sequence number of 0 and the Urgent (URG), Push (PSH), and FIN flags. • TCP SYN-FIN: This type of attack involves port scanning by using specific packets which contain SYN and FIN flags. • TCP SYN SrcPort Less 1024: This type of attack involves port scanning by using specific packets which contain source port 0 to 1023 and SYN flag. • Ping of Death Attack: A ping of death is a type of attack on a computer that involves sending a malformed or otherwise a malicious ping to a computer. A ping is normally 64 bytes in size (many computers cannot handle a ping larger than the maximum IP packet size which is 65535 bytes). The sending of a ping of this size can crash the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65536 byte ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash. • TCP Tiny Fragment Attack: The Tiny TCP Fragment attacker uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment to pass through the check function of the router and issue an attack. 555

Section	Page
1. Introduction	13
Audience	13
Other Documentation	13
Conventions	13
Notes, Notices, and Cautions	13
2. Web-based Switch Configuration	15
Management Options	15
Areas of the User Interface	17
3. System	18
Device Information	18
System Information Settings	18
Peripheral Settings	19
Port Configuration	20
Port Settings	20
Port Status	22
Port GBIC	23
Port Auto Negotiation	24
Error Disable Settings	24
Jumbo Frame	26
Interface Description	26
Loopback Test	27
PoE	28
PoE System	28
PoE Status	29
PoE Configuration	30
PD Alive	31
PoE Statistics	32
PoE Measurement	33
PoE LLDP Classification	34
System Log	34
System Log Settings	34
System Log Discriminator Settings	37
System Log Server Settings	38
System Log	39
System Attack Log	39
Time and SNTP	40
Clock Settings	40
Time Zone Settings	40
SNTP Settings	42
Time Range	43
PTP (Precise Time Protocol)	44
PTP Global Settings	44
PTP Port Global Settings	46
PTP Boundary Port Settings	47
PTP P2P Transparent Port Settings	48
PTP Clock Information	49
PTP Port Information	49
PTP Foreign Master Records Port Information	50
USB Console Settings	50
SRM	51
SRM Prefer Current Settings	51
SRM Prefer Mode	52
4. Management	53
Command Logging	53
User Accounts Settings	53
CLI Alias Settings	55
Password Encryption	56
Password Recovery	56
Login Method	57
SNMP	58
SNMP Global Settings	59
SNMP Linkchange Trap Settings	60
SNMP View Table Settings	61
SNMP Community Table Settings	62
SNMP Group Table Settings	63
SNMP Engine ID Local Settings	64
SNMP User Table Settings	65
SNMP Host Table Settings	66
SNMP Context Mapping Table Settings	68
RMON	68
RMON Global Settings	68
RMON Statistics Settings	69
RMON History Settings	70
RMON Alarm Settings	70
RMON Event Settings	71
Telnet/Web	72
Session Timeout	73
DHCP	74
Service DHCP	74
DHCP Class Settings	75
DHCP Server	76
DHCP Server Global Settings	76
DHCP Server Pool Settings	77
DHCP Server Exclude Address	80
DHCP Server Manual Binding	81
DHCP Server Dynamic Binding	82
DHCP Server IP Conflict	82
DHCP Server Statistic	83
DHCPv6 Server	84
DHCPv6 Server Pool Settings	84
DHCPv6 Server Local Pool Settings	86
DHCPv6 Server Exclude Address	87
DHCPv6 Server Binding	87
DHCPv6 Server Interface Settings	88
DHCPv6 Server Operational Information	88
DHCP Relay	89
DHCP Relay Global Settings	89
DHCP Relay Pool Settings	89
DHCP Relay Information Settings	92
DHCP Relay Information Option Format Settings	93
DHCP Relay Information Profile Settings	94
DHCP Relay Port Settings	96
DHCP Local Relay VLAN	97
DHCPv6 Relay	97
DHCPv6 Relay Global Settings	97
DHCPv6 Relay Interface Settings	99
DHCPv6 Relay Remote ID Profile Settings	100
DHCPv6 Relay Interface ID Profile Settings	102
DHCPv6 Relay Format Type Settings	104
DHCPv6 Relay Port Settings	104
DHCPv6 Local Relay VLAN	105
DHCP Auto Configuration	106
DHCP Auto Image Settings	106
DNS	107
DNS Global Settings	107
DNS Name Server Settings	108
DNS Host Settings	109
NTP	110
NTP Global Settings	110
NTP Server Settings	111
NTP Peer Settings	112
NTP Access Group Settings	113
NTP Key Settings	114
NTP Interface Settings	115
NTP Associations	115
NTP Status	116
IP Source Interface	117
File System	118
Stacking	120
Physical Stacking	124
Stacking Bandwidth	125
Virtual Stacking (SIM)	126
Single IP Settings	128
Topology	129
File	130
Print Topology	130
Preference	130
Group	131
Add to Group	131
Remove from Group	131
Device	131
Configure	131
View	131
Refresh	131
Topology	132
Help	134
About	134
Firmware Upgrade	135
Configuration File Backup/Restore	135
Upload Log File	136
D-Link Discovery Protocol	136
SMTP Settings	137
Reboot Schedule Settings	139
NLB FDB Settings	140
SD Card Management	141
SD Card Backup Settings	141
SD Card Execute Settings	142
5. Layer 2 Features	144
FDB	144
Static FDB	144
Unicast Static FDB	144
Multicast Static FDB	145
MAC Address Table Settings	145
MAC Address Table	147
MAC Notification	148
VLAN	150
802.1Q VLAN	150
802.1v Protocol VLAN	150
Protocol VLAN Profile	150
Protocol VLAN Profile Interface	151
GVRP	152
GVRP Global	152
GVRP Port	152
GVRP Advertise VLAN	153
GVRP Forbidden VLAN	154
GVRP Statistics Table	155
Asymmetric VLAN	155
MAC VLAN	156
VLAN Interface	156
L2VLAN Interface Description	163
Subnet VLAN	164
Super VLAN	165
Auto Surveillance VLAN	167
Auto Surveillance Properties	167
MAC Settings and Surveillance Device	168
Voice VLAN	169
Voice VLAN Global	169
Voice VLAN Port	170
Voice VLAN OUI	171
Voice VLAN Device	172
Voice VLAN LLDP-MED Device	172
Private VLAN	172
VLAN Tunnel	174
Dot1q Tunnel	174
VLAN Mapping	176
VLAN Mapping Profile	177
STP	182
STP Global Settings	184
STP Port Settings	185
MST Configuration Identification	187
STP Instance	188
MSTP Port Information	189
ERPS (G.8032)	189
ERPS	190
ERPS Profile	194
Loopback Detection	195
Link Aggregation	197
MLAG	199
MLAG Settings	200
MLAG Group	201
Flex Links	202
L2 Protocol Tunnel	203
L2 Multicast Control	205
IGMP Snooping	205
IGMP Snooping Settings	205
IGMP Snooping AAA Settings	208
IGMP Snooping Groups Settings	209
IGMP Snooping Filter Settings	210
IGMP Snooping Mrouter Settings	212
IGMP Snooping Statistics Settings	213
MLD Snooping	214
MLD Snooping Settings	215
MLD Snooping Groups Settings	218
MLD Snooping Filter Settings	219
MLD Snooping Mrouter Settings	221
MLD Snooping Statistics Settings	222
Multicast VLAN	223
Multicast VLAN Settings	223
Multicast VLAN Group Settings	226
PIM Snooping	228
PIM Snooping Global Settings	228
PIM Snooping Neighbor Table	229
PIM Snooping Mroute Table	229
PIM Snooping Statistics Table	230
Multicast Filtering Mode	231
LLDP	231
LLDP Global Settings	231
LLDP Port Settings	233
LLDP Management Address List	234
LLDP Basic TLVs Settings	234
LLDP Dot1 TLVs Settings	235
LLDP Dot3 TLVs Settings	236
LLDP-MED Port Settings	237
LLDP-DCBX Port Settings	238
LLDP Statistics Information	238
LLDP Local Port Information	239
LLDP Neighbor Port Information	241
6. Layer 3 Features	244
ARP	244
ARP Elevation	244
ARP Aging Time	245
Static ARP	245
ARP Force Aging IP Address	246
Proxy ARP	246
ARP Table	247
Gratuitous ARP	248
IPv6 Neighbor	248
Interface	250
IPv4 Interface	250
IPv6 Interface	253
Loopback Interface	257
Null Interface	258
UDP Helper	258
IP Forward Protocol	258
IP Helper Address	259
IPv4 Static/Default Route	260
IPv4 Static Route BFD	261
IPv4 Route Table	262
IPv6 Static/Default Route	262
IPv6 Static Route BFD	263
IPv6 Route Table	264
Route Preference	265
ECMP Settings	265
IPv6 General Prefix	266
IP Tunnel Settings	267
URPF Settings	269
VRF	270
VRF Settings	270
VRF Interface Settings	273
RIP	274
RIP Settings	274
RIP Distribute List	276
RIP Interface Settings	277
RIP Database	278
RIPng	278
RIPng Settings	278
RIPng Interface Settings	280
RIPng Database	281
OSPF	281
OSPFv2	281
OSPFv2 Process Settings	281
OSPFv2 Distribute List	284
OSPFv2 GR Helper Settings	285
OSPFv2 Passive Interface Settings	286
OSPFv2 Area Settings	286
OSPFv2 Interface Settings	288
OSPFv2 BFD Settings	291
OSPFv2 Redistribute Settings	292
OSPFv2 Virtual Link Settings	293
OSPFv2 LSDB Table	295
OSPFv2 Neighbor Table	296
OSPFv2 Host Route Settings	297
OSPFv3	298
OSPFv3 Process Settings	298
OSPFv3 Passive Interface Settings	300
OSPFv3 Area Settings	301
OSPFv3 Interface Settings	303
OSPFv3 Redistribute Settings	306
OSPFv3 Virtual Link Settings	307
OSPFv3 LSDB Table	308
OSPFv3 Neighbor Table	310
OSPFv3 Border Router Table	311
IP Multicast Routing Protocol	311
IGMP	311
IGMP Interface Settings	311
IGMP Static Group Settings	313
IGMP Dynamic Group Table	314
IGMP SSM Mapping Settings	314
MLD	316
MLD Interface Settings	316
MLD Static Group Settings	318
MLD Group Table	318
MLD SSM Mapping Settings	319
IGMP Proxy	320
IGMP Proxy Settings	320
IGMP Proxy Group Table	322
IGMP Proxy Forwarding Table	322
MLD Proxy	323
MLD Proxy Settings	323
MLD Proxy Group Table	324
MLD Proxy Forwarding Table	324
DVMRP	325
DVMRP Interface Settings	325
DVMRP Routing Table	326
DVMRP Neighbor Table	327
PIM	327
PIM for IPv4	329
PIM Interface	329
PIM BSR Candidate	331
PIM RP Address	332
PIM RP Candidate	334
PIM RP Table	335
PIM Register Settings	336
PIM SPT Threshold Settings	338
PIM SSM Settings	338
PIM Neighbor Table	339
PIM for IPv6	340
PIM for IPv6 Interface	340
PIM for IPv6 BSR Candidate Settings	342
PIM for IPv6 BSR Table	343
PIM for IPv6 RP Address	343
PIM for IPv6 RP Candidate	345
PIM for IPv6 RP Embedded Settings	347
PIM for IPv6 RP Table	347
PIM for IPv6 Register Settings	348
PIM for IPv6 SPT Threshold Settings	349
PIM for IPv6 SSM Settings	349
PIM for IPv6 (S,G) Keepalive Time	350
PIM for IPv6 Mroute Table	351
PIM for IPv6 Neighbor Table	352
MSDP	353
MSDP Global Settings	353
MSDP Peer Settings	354
MSDP SA Cache	357
MSDP Static RPF Settings	358
MSDP Mesh Group Settings	358
IPMC	359
IP Multicast Global Settings	359
IP Multicast Route Settings	361
IP Multicast RPF Table	362
IP Multicast Forwarding Cache	363
IP Multicast Protocol Statistics	363
Control Packet CPU Filtering	364
IPv6MC	365
IPv6 Multicast Global Settings	365
IPv6 Static Multicast Route Settings	366
IPv6 Multicast Routing Table	367
IPv6 Multicast Routing Forwarding Cache Table	368
IPv6 RPF Table	368
BGP	369
BGP Global Settings	369
BGP Aggregate Address Settings	371
BGP Network Settings	372
BGP Route Redistribution Settings	373
BGP Route Preference Settings	375
BGP Dampening Settings	376
BGP Dampening Dampened Paths Table	378
BGP Dampening Flap Statistics Table	379
BGP Reflector Settings	381
BGP Confederation Settings	382
BGP AS Path Access List Settings	382
BGP Community List Settings	383
BGP Extended Community List Settings	385
BGP Clear Settings	386
BGP Summary Table	387
BGP Routing Table	388
BGP Labels Table	390
BGP Neighbor	391
Neighbor	391
Peer Group	393
Neighbor Activate	395
Neighbor Shutdown	396
Neighbor Map Settings	397
Neighbor Filter Settings	398
Neighbor Maximum Prefix Settings	400
Neighbor General Settings	401
BFD	404
BFD Settings	404
BFD Neighbor Table	406
ISIS	406
ISIS Global Settings	406
ISIS Router Settings	411
ISIS Interface Settings	414
ISIS Redistribute Settings	417
ISIS Redistribute ISIS Settings	418
ISIS Route Table	419
ISIS Database	419
ISIS Topology	420
ISIS Hostname	421
ISIS Neighbors	421
IP Route Filter	422
IP Prefix List	422
Route Map	423
Policy Route	428
VRRP Settings	429
VRRPv3 Settings	431
7. Quality of Service (QoS)	435
Basic Settings	435
Port Default CoS	435
Port Scheduler Method	435
Queue Settings	437
CoS to Queue Mapping	437
Port Rate Limiting	438
Queue Rate Limiting	439
Queue Statistics Table	440
Advanced Settings	441
DSCP Mutation Map	441
Port Trust State and Mutation Binding	442
DSCP CoS Mapping	443
CoS Color Mapping	444
DSCP Color Mapping	444
Class Map	445
Aggregate Policer	447
Policy Map	450
Policy Binding	453
QoS PFC	454
Network QoS Class Map	454
Network QoS Policy Map	455
Network QoS Policy Binding	456
PFC Port Settings	457
WRED	458
WRED Profile	459
WRED Queue	460
WRED Drop Counter	461
iSCSI	461
iSCSI Settings	462
iSCSI Sessions	463
8. Access Control List (ACL)	464
ACL Configuration Wizard	464
Step 1 - Create/Update	464
Step 2 - Select Packet Type	465
Step 3 - Add Rule	466
MAC	466
IPv4	468
IPv6	471
Step 4 - Apply Port	473
ACL Access List	474
Standard IP ACL	476
Extended IP ACL	477
Standard IPv6 ACL	480
Extended IPv6 ACL	481
Extended MAC ACL	483
Extended Expert ACL	485
ACL Interface Access Group	488
ACL VLAN Access Map	489
ACL VLAN Filter	491
CPU ACL	492
9. Security	495
Port Security	495
Port Security Global Settings	495
Port Security Port Settings	496
Port Security Address Entries	498
802.1X	498
802.1X Global Settings	503
802.1X Port Settings	503
Authentication Sessions Information	504
Authenticator Statistics	505
Authenticator Session Statistics	506
Authenticator Diagnostics	506
AAA	507
AAA Global Settings	507
Application Authentication Settings	508
Application Accounting Settings	508
Authentication Settings	510
Accounting Settings	512
RADIUS	514
RADIUS Global Settings	514
RADIUS Server Settings	515
RADIUS Group Server Settings	516
RADIUS Statistic	518

Match case Limit results 1 per page

DGS-3630 Series Layer 3 Stackable Managed Switch Web UI Reference Guide

555

Parameter

Description

This value must be between 1 and 2147483647 Kbps. If the low KBPS is not

specified, the default value is 80% of the specified risen KBPS.

Click the

Apply

button to accept the changes made.

After selecting the

Level

option as the

Level Type

, the following parameters are available.

Figure 9-91 Storm Control Settings (Level Type - Level) Window

The additional fields that can be configured in

Storm Control Port Settings

are described below:

Parameter

Description

Level Rise

Enter the rise level value used here. This option specifies the rise threshold

value as a percentage of the total bandwidth per port at which traffic is received

on the port. This value must be between 1% and 100%.

Level Low

Enter the low level value used here. This option specifies the low threshold

value as a percentage of the total bandwidth per port at which traffic is received

on the port. This value must be between 1% and 100%. If the low level is not

specified, the default value is 80% of the specified risen level.

Click the

Apply

button to accept the changes made.

DoS Attack Prevention Settings

This window is used to display and configure the Denial-of-Service (DoS) attack prevention settings. The following

well-known DoS types which can be detected by most Switches:

•

Land Attack:

This type of attack involves IP packets where the source and destination address are set to the

address of the target device. It may cause the target device to reply to itself continuously.

•

Blat Attack

: This type of attack will send packets with the TCP/UDP source port equal to the destination port of

the target device. It may cause the target device to respond to itself.

•

TCP-Null:

This type of attack involves port scanning by using specific packets which contain a sequence

number of 0 and no flags.

•

TCP-Xmas:

This type of attack involves port scanning by using specific packets which contain a sequence

number of 0 and the Urgent (URG), Push (PSH), and FIN flags.

•

TCP SYN-FIN:

This type of attack involves port scanning by using specific packets which contain SYN and FIN

flags.

•

TCP SYN SrcPort Less 1024:

This type of attack involves port scanning by using specific packets which

contain source port 0 to 1023 and SYN flag.

•

Ping of Death Attack:

A ping of death is a type of attack on a computer that involves sending a malformed or

otherwise a malicious ping to a computer. A ping is normally 64 bytes in size (many computers cannot handle a

ping larger than the maximum IP packet size which is 65535 bytes). The sending of a ping of this size can crash

the target computer. Traditionally, this bug has been relatively easy to exploit. Generally, sending a 65536 byte

ping packet is illegal according to networking protocol, but a packet of such a size can be sent if it is

fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes

a system crash.

•

TCP Tiny Fragment Attack:

The Tiny TCP Fragment attacker uses IP fragmentation to create extremely small

fragments and force the TCP header information into a separate packet fragment to pass through the check

function of the router and issue an attack.