Home » TP-Link Manuals » Hubs & Switches » TP-Link TL-SG5412F » Manual Viewer

TP-Link TL-SG5412F TL-SG5412F V1 User Guide - Page 171

DoS Defend

Add to My Manuals
Save this manual to your list of manuals

Page 171 highlights

Select: Port: Security Type: LAG: Select your desired port for configuration. It is multi-optional. Displays the port number. Select Security Type for the port.  Disable: Select this option to disable the IP Source Guard feature for the port.  SIP: Only the packets with its source IP address and port number matched to the IP-MAC binding rules can be processed.  SIP+MAC: Only the packets with its source IP address, source MAC address and port number matched to the IP-MAC binding rules can be processed. Displays the LAG to which the port belongs to. 11.4 DoS Defend DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host, which incurs an abnormal service or even breakdown of the network. With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard the illegal packets directly and limit the transmission rate of the legal packets if the over legal packets may incur a breakdown of the network. The switch can defend several types of DoS attack listed in the following table. DoS Attack Type Description Scan SYNFIN The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. The switch can defend this type of illegal packet. Xmascan The attacker sends the illegal packet with its TCP index, FIN, URG and PSH field set to 1. NULL Scan Attack The attacker sends the illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all the control fields set to 0 are considered as the illegal packets. SYN packet with its source The attacker sends the illegal packet with its TCP SYN field set to 1 and source port less than 1024 port less than 1024. Ping Flooding The attacker floods the destination system with Ping broadcast storm packets to forbid the system to respond to the legal communication. SYN/SYN-ACK Flooding The attacker uses a fake IP address to send TCP request packets to the Server. Upon receiving the request packets, the Server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The Server will keep on sending SYN-ACK packets. If the attacker sends overflowing fake request packets, the network resource will be occupied maliciously and the requests of the legal clients will be denied. Table 11-1 Defendable DoS Attack Types 162

Section	Page
1.1 Intended Readers	11
1.2 Conventions	11
1.3 Overview of This Guide	11
2.1 Overview of the Switch	16
2.2 Main Features	16
2.3 Appearance Description	17
2.3.1 Front Panel	17
2.3.2 Rear Panel	18
3.1 Login	19
3.2 Configuration	19
4.1 System Info	21
4.1.1 System Summary	21
4.1.2 Device Description	23
4.1.3 System Time	23
4.1.4 System IP	25
4.2 User Manage	26
4.2.1 User Table	26
4.2.2 User Config	27
4.3 System Tools	28
4.3.1 Config Restore	28
4.3.2 Config Backup	29
4.3.3 Firmware Upgrade	29
4.3.4 System Reboot	30
4.3.5 System Reset	30
4.4 Access Security	31
4.4.1 Access Control	31
4.4.2 SSL Config	32
4.4.3 SSH Config	33
5.1 Port	39
5.1.1 Port Config	39
5.1.2 Port Mirror	40
5.1.3 Port Security	42
5.1.4 Port Isolation	44
5.2 LAG	45
5.2.1 LAG Table	45
5.2.2 Static LAG	47
5.2.3 LACP Config	48
5.3 Traffic Monitor	50
5.3.1 Traffic Summary	50
5.3.2 Traffic Statistics	51
5.4 MAC Address	53
5.4.1 Address Table	53
5.4.2 Static Address	55
5.4.3 Dynamic Address	56
5.4.4 Filtering Address	58
6.1 802.1Q VLAN	61
6.1.1 VLAN Config	62
6.1.2 Port Config	65
6.2 Protocol VLAN	67
6.2.1 Protocol VLAN	67
6.2.2 Protocol Template	68
6.2.3 Port Enable	69
6.3 Application Example for 802.1Q VLAN	70
6.4 Application Example for Protocol VLAN	71
6.5 VLAN VPN	73
6.5.1 VPN Config	74
6.5.2 Port Enable	74
6.6 GVRP	75
6.7 Private VLAN	78
6.7.1 PVLAN	82
6.7.2 Port Config	83
6.8 Application Example for Private VLAN	84
7.1 STP Config	92
7.1.1 STP Config	92
7.1.2 STP Summary	93
7.2 Port Config	94
7.3 MSTP Instance	96
7.3.1 Region Config	97
7.3.2 Instance Config	97
7.3.3 Instance Port Config	98
7.4 STP Security	100
7.4.1 Port Protect	100
7.4.2 TC Protect	103
7.5 Application Example for STP Function	103
8.1 IGMP Snooping	109
8.1.1 Snooping Config	110
8.1.2 Port Config	111
8.1.3 VLAN Config	113
8.1.4 Multicast VLAN	114
8.2 Multicast IP	118
8.2.1 Multicast IP Table	118
8.2.2 Static Multicast IP	119
8.3 Multicast Filter	120
8.3.1 IP-Range	120
8.3.2 Port Filter	121
8.4 Packet Statistics	122
9.1 DiffServ	126
9.1.1 Port Priority	126
9.1.2 Schedule Mode	127
9.1.3 802.1P Priority	128
9.1.4 DSCP Priority	129
9.2 Bandwidth Control	131
9.2.1 Rate Limit	131
9.2.2 Storm Control	132
9.3 Voice VLAN	134
9.3.1 Global Config	136
9.3.2 Port Config	136
9.3.3 OUI Config	138
10.1 Time-Range	140
10.1.1 Time-Range Summary	140
10.1.2 Time-Range Create	141
10.1.3 Holiday Config	142
10.2 ACL Config	142
10.2.1 ACL Summary	143
10.2.2 ACL Create	143
10.2.3 MAC ACL	144
10.2.4 Standard-IP ACL	145
10.2.5 Extend-IP ACL	145
10.3 Policy Config	147
10.3.1 Policy Summary	147
10.3.2 Policy Create	147
10.3.3 Action Create	148
10.4 Policy Binding	149
10.4.1 Binding Table	149
10.4.2 Port Binding	150
10.4.3 VLAN Binding	150
11.1 IP-MAC Binding	154
11.1.1 Binding Table	154
11.1.2 Manual Binding	155
11.1.3 ARP Scanning	157
11.1.4 DHCP Snooping	158
11.2 ARP Inspection	164
11.2.1 ARP Detect	167
11.2.2 ARP Defend	168
11.2.3 ARP Statistics	169
11.3 IP Source Guard	170
11.4 DoS Defend	171
11.5 802.1X	172
11.5.1 Global Config	176
11.5.2 Port Config	178
11.5.3 Radius Server	179
12.1 SNMP Config	183
12.1.1 Global Config	183
12.1.2 SNMP View	184
12.1.3 SNMP Group	185
12.1.4 SNMP User	186
12.1.5 SNMP Community	188
12.2 Notification	190
12.3 RMON	192
12.3.1 History Control	192
12.3.2 Event Config	193
12.3.3 Alarm Config	194
13.1 Basic Config	200
13.1.1 Global Config	200
13.1.2 Port Config	202
13.2 Device Info	202
13.2.1 Local Info	203
13.2.2 Neighbor Info	203
13.2.3 Device Statistics	204
14.1 NDP	208
14.1.1 Neighbor Info	208
14.1.2 NDP Summary	209
14.1.3 NDP Config	210
14.2 NTDP	211
14.2.1 Device Table	211
14.2.2 NTDP Summary	213
14.2.3 NTDP Config	215
14.3 Cluster	216
14.3.1 Cluster Summary	216
14.3.2 Cluster Config	219
14.3.3 Member Config	221
14.3.4 Cluster Topology	222
14.4 Application Example for Cluster Function	224
15.1 System Monitor	227
15.1.1 CPU Monitor	227
15.1.2 Memory Monitor	228
15.2 Log	229
15.2.1 Log Table	230
15.2.2 Local Log	231
15.2.3 Remote Log	231
15.2.4 Backup Log	232
15.3 Device Diagnose	233
15.3.1 Cable Test	233
15.3.2 Loopback	234
15.4 Network Diagnose	235
15.4.1 Ping	235

Match case Limit results 1 per page

Select:

Select your desired port for configuration. It is multi-optional.

Port:

Displays the port number.

Security Type:

Select Security Type for the port.



Disable: Select this option to disable the IP Source Guard

feature for the port.



SIP: Only the packets with its source IP address and port

number matched to the IP-MAC binding rules can be

processed.



SIP+MAC: Only the packets with its source IP address, source

MAC address and port number matched to the IP-MAC

binding rules can be processed.

LAG:

Displays the LAG to which the port belongs to.

11.4 DoS Defend

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network

attackers or the evil programs sending a lot of service requests to the Host, which incurs an

abnormal service or even breakdown of the network.

With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and

distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard

the illegal packets directly and limit the transmission rate of the legal packets if the over legal

packets may incur a breakdown of the network. The switch can defend several types of DoS attack

listed in the following table.

DoS Attack Type

Description

Scan SYNFIN

The attacker sends the packet with its SYN field and the FIN field set to 1. The

SYN field is used to request initial connection whereas the FIN field is used to

request disconnection. Therefore, the packet of this type is illegal. The switch can

defend this type of illegal packet.

Xmascan

The attacker sends the illegal packet with its TCP index, FIN, URG and PSH field

set to 1.

NULL Scan Attack

The attacker sends the illegal packet with its TCP index and all the control fields

set to 0. During the TCP connection and data transmission, the packets with all the

control fields set to 0 are considered as the illegal packets.

SYN packet with its source

port less than 1024

The attacker sends the illegal packet with its TCP SYN field set to 1 and source

port less than 1024.

Ping Flooding

The attacker floods the destination system with Ping broadcast storm packets to

forbid the system to respond to the legal communication.

SYN/SYN-ACK Flooding

The attacker uses a fake IP address to send TCP request packets to the Server.

Upon receiving the request packets, the Server responds with SYN-ACK packets.

Since the IP address is fake, no response will be returned. The Server will keep on

sending SYN-ACK packets. If the attacker sends overflowing fake request

packets, the network resource will be occupied maliciously and the requests of the

legal clients will be denied.

Table 11-1 Defendable DoS Attack Types

162