Alcatel-Lucent 6850-48 Network Guide
IP Configuration
Configuring IP
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
• Invalid IP Attack—Packets with invalid source or destination IP addresses are received by the switch.
When such an Invalid-IP attack is detected, the packets are dropped, and SNMP traps are generated.
Examples of some invalid source and destination IP addresses are listed below:
• Multicast IP and MAC Address Mismatch—This attack is detected when:
  • the source MAC address of a packet received by a switch is a Multicast MAC address.
  • the destination IP and MAC addresses of a packet received by a switch are Multicast IP
    and MAC addresses, but the Multicast IP and the Multicast MAC addresses do not match.
Note. In both of the conditions described above in “Multicast IP and MAC Address Mismatch”, packets are
dropped and SNMP traps are generated.
  • the destination IP is a unicast IP and the destination MAC address is either a Broadcast or Multicast
    address. In such a condition, an event is recorded in the DoS statistics. No SNMP traps are generated
    because valid packets can also fall under this category.
• Ping overload—Floods a switch with a large number of ICMP packets, resulting in the switch using a
large amount of CPU time to respond to these packets. If the number of ICMP packets exceeds 100 per
second, a DoS attack is detected. By default, detection of this attack is disabled.
• Packets with loopback source IP address—Packets with an invalid source address of 127.0.0.0/8
(loopback network) are received by the switch. When such packets are detected, they are dropped, and
SNMP traps are generated.
The switch can be set to detect various types of port scans by monitoring for TCP or UDP packets sent to
open or closed ports. Monitoring is done in the following manner:
• Packet penalty values set. TCP and UDP packets destined for open or closed ports are assigned a
penalty value. Each time a packet of this type is received, its assigned penalty value is added to a
running total. This total is cumulative and includes all TCP and UDP packets destined for open or
closed ports.
Invalid Source IP address
• 0.x.x.x.
• 255.255.255.255.
• subnet broadcast, e.g. 172.28.255.255, for an existing IP interface 172.28.0.0/16.
• in the range 224.x.x.x - 255.255.255.254.
• Source IP address equals one of the Switch IP Interface addresses.

Invalid Destination IP address
• 127.x.x.x.
• in the range 240.x.x.x - 255.255.255.254.
• 0.0.0.0 (with valid exceptions, e.g. certain DHCP packets).
• 172.28.0.0 for a router network 172.28.4.11/16.
• 0.x.x.x.
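
The address checks listed above can be expressed as a small classifier. This is an added example, not code from the switch or from the guide; the function names, the reason strings and the sample interface and packets are assumptions made for illustration, and the DHCP exception for 0.0.0.0 is not modelled.

```python
import ipaddress

# Constructed sample configuration: one switch IP interface, reusing the
# 172.28.4.11/16 router address from the lists above.
SWITCH_INTERFACES = [ipaddress.ip_interface("172.28.4.11/16")]

def _between(ip, first, last):
    return ipaddress.ip_address(first) <= ip <= ipaddress.ip_address(last)

def invalid_source_reason(src, interfaces=SWITCH_INTERFACES):
    """Return the rule that makes src an invalid source IP, else None."""
    ip = ipaddress.ip_address(src)
    if ip in ipaddress.ip_network("0.0.0.0/8"):
        return "0.x.x.x"
    if ip in ipaddress.ip_network("127.0.0.0/8"):
        return "loopback source"  # listed on the page as its own attack type
    if str(ip) == "255.255.255.255":
        return "255.255.255.255"
    if _between(ip, "224.0.0.0", "255.255.255.254"):
        return "224.x.x.x - 255.255.255.254"
    for iface in interfaces:
        if ip == iface.network.broadcast_address:
            return "subnet broadcast"
        if ip == iface.ip:
            return "switch interface address"
    return None

def invalid_destination_reason(dst, interfaces=SWITCH_INTERFACES):
    """Return the rule that makes dst an invalid destination IP, else None."""
    ip = ipaddress.ip_address(dst)
    if ip in ipaddress.ip_network("127.0.0.0/8"):
        return "127.x.x.x"
    if ip in ipaddress.ip_network("0.0.0.0/8"):
        return "0.x.x.x"  # also covers 0.0.0.0
    if _between(ip, "240.0.0.0", "255.255.255.254"):
        return "240.x.x.x - 255.255.255.254"
    for iface in interfaces:
        if ip == iface.network.network_address:
            return "subnet network address"
    return None

def check_packet(src, dst):
    """Return (source reason, destination reason); a non-None entry means drop."""
    return invalid_source_reason(src), invalid_destination_reason(dst)

# Constructed sample packets (source, destination).
SAMPLES = [("172.28.9.9", "172.28.4.11"), ("172.28.255.255", "172.28.9.9"),
           ("172.28.4.11", "172.28.0.0"), ("10.1.1.1", "224.0.0.5")]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, dst, check_packet(src, dst))
```

The last sample shows the asymmetry between the two lists: 224.0.0.5 is acceptable as a destination but would be rejected as a source.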