Dell PowerConnect M6220 Configuration Guide - Page 41

Denial of Service Attack Protection, Overview

Get Dell PowerConnect M6220 PDF manuals and user guides View all Dell PowerConnect M6220 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 41 highlights

Interface Link Transmit Receive Notify TLVs Mgmt 1/g10 Down Enabled Enabled Disabled Y TLV Codes: 0- Port Description, 1- System Name 2- System Description, 3- System Capabilities Denial of Service Attack Protection This section describes the PowerConnect 6200 Series Denial of Service Protection feature. Overview Denial of Service: • Spans two categories: - Protection of the switch - Protection of the network • Protects against the exploitation of a number of vulnerabilities which would make the host or network unstable • Compliant with Nessus. Dell tested the switch software with Nessus version 2.0.10. Nessus is a widelyused vulnerability assessment tool. • PowerConnect 6200 Series software provides a number of features that help a network administrator protect networks against DoS attacks. There are 6 available types of attacks which can be monitored for and blocked. Each type of attack is represented by a dos-control command keyword. console(config)#dos-control ? firstfrag icmp l4port sipdip tcpflag tcpfrag Enables IPv4 first fragment checking. Enables ICMP size checking. Enables L4 port number checking. Enables SIP=DIP checking. Enables TCP flag checking. Enables TCP fragment checking. Switching Configuration 41

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
Switching Configuration
41
Interface
Link
Transmit
Receive
Notify
TLVs
Mgmt
---------
------
--------
--------
--------
-------
----
1/g10
Down
Enabled
Enabled
Disabled
Y
TLV Codes: 0- Port Description,
1- System Name
2- System Description, 3- System Capabilities
Denial of Service Attack Protection
This section describes the PowerConnect 6200 Series Denial of Service Protection feature.
Overview
Denial of Service:
Spans two categories:
Protection of the switch
Protection of the network
Protects against the exploitation of a number of vulnerabilities which would make the host or network
unstable
Compliant with Nessus. Dell tested the switch software with Nessus version 2.0.10. Nessus is a widely-
used vulnerability assessment tool.
PowerConnect 6200 Series software provides a number of features that help a network administrator
protect networks against DoS attacks.
There are 6 available types of attacks which can be monitored for and blocked. Each type of attack is
represented by a
dos-control
command keyword.
console(config)#dos-control ?
firstfrag
Enables IPv4 first fragment checking.
icmp
Enables ICMP size checking.
l4port
Enables L4 port number checking.
sipdip
Enables SIP=DIP checking.
tcpflag
Enables TCP flag checking.
tcpfrag
Enables TCP fragment checking.