Netgear GSM7224v2 - 24-Port Layer 2 Managed Gigabit Switch User Manual

Chapter 6.  Managing Device Security 
 
ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual 
1. Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed. If DoS TCP Fragment is enabled, the switch will drop these packets:
   • First TCP fragments that have a TCP payload where IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size.
   The factory default is disabled.
2. Use Denial of Service L4 Port to enable L4 Port DoS prevention, which causes the switch to drop packets whose source TCP/UDP port number equals the destination TCP/UDP port number. The factory default is disabled.
3. Use Denial of Service First Fragment to enable First Fragment DoS prevention, which causes the switch to check DoS options on first-fragment IP packets when the switch is receiving fragmented IP packets. Otherwise, the switch ignores first-fragment IP packets. The factory default is disabled.
4. Use Denial of Service ICMP to enable ICMP DoS prevention, which causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. The factory default is disabled.
5. Use Denial of Service Max ICMP Packet Size to specify the Max ICMP Packet Size allowed (this includes the ICMP header size of 8 bytes). If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater than this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512.
6. Use Denial of Service SIP=DIP to enable SIP=DIP DoS prevention, which causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled.
7. Use Denial of Service TCP FLAG to enable TCP Flag DoS prevention, which causes the switch to drop these packets:
   • TCP SYN flag = 1 & source port < 1024
   • TCP control flags = 0 & sequence number = 0
   • TCP FIN, URG, PSH bits set & sequence number = 0
   • TCP SYN & FIN bits set
   The factory default is disabled.
8. Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention, which causes the switch to drop these packets:
   • First TCP fragments that have a TCP payload where IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size.
   The factory default is disabled.
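
The following Python model is an added example, not Netgear code: it applies the drop conditions of the options above, as this page words them, to constructed packets so you can see what a setting would drop before enabling it. The field names, option keys and the Min TCP Hdr Size of 20 are assumptions, and the First Fragment option is not modelled.

```python
# Added example: models the DoS options as this manual page words them (hypothetical names).
# Assumption: ICMP "size" is the data length, compared with Max - 8 (item 5).
ICMP_ECHO_REQ, ICMP_HDR = 8, 8   # echo-request type; ICMP header size per the manual

def dos_drop_reasons(pkt, cfg):
    """Return the names of the enabled DoS options that would drop pkt."""
    hits, proto = [], pkt["proto"]
    if cfg.get("sip_dip") and pkt["src_ip"] == pkt["dst_ip"]:
        hits.append("SIP=DIP")
    if cfg.get("l4_port") and proto in ("tcp", "udp") and pkt["sport"] == pkt["dport"]:
        hits.append("L4 Port")
    if cfg.get("tcp_flag") and proto == "tcp":
        f, seq = pkt["flags"], pkt["seq"]
        if (("SYN" in f and pkt["sport"] < 1024)
                or (not f and seq == 0)
                or ({"FIN", "URG", "PSH"} <= f and seq == 0)
                or {"SYN", "FIN"} <= f):
            hits.append("TCP Flag")
    if cfg.get("tcp_fragment") and proto == "tcp" and pkt.get("first_fragment"):
        if pkt["ip_payload_len"] - pkt["ip_hdr_size"] < cfg["min_tcp_hdr"]:  # manual's formula
            hits.append("TCP Fragment")
    if cfg.get("icmp") and proto == "icmp" and pkt["icmp_type"] == ICMP_ECHO_REQ:
        if pkt["icmp_data_len"] > cfg["max_icmp_size"] - ICMP_HDR:
            hits.append("ICMP")
    return hits

def make_pkt(proto, **kw):   # flags/seq defaults are only read for TCP
    return {"proto": proto, "src_ip": "192.0.2.10", "dst_ip": "198.51.100.20",
            "flags": {"ACK"}, "seq": 1, **kw}

# Constructed inputs: all options on, 512 is the manual's default, 20 is assumed.
CFG = dict(sip_dip=True, l4_port=True, tcp_flag=True, tcp_fragment=True,
           icmp=True, max_icmp_size=512, min_tcp_hdr=20)
SAMPLES = {
    "web_syn":      make_pkt("tcp", sport=50000, dport=443, flags={"SYN"}),
    "low_port_syn": make_pkt("tcp", sport=1023, dport=2049, flags={"SYN"}),
    "ntp_123_123":  make_pkt("udp", sport=123, dport=123),
    "same_ip_port": make_pkt("tcp", dst_ip="192.0.2.10", sport=80, dport=80, flags={"SYN"}),
    "tiny_frag":    make_pkt("tcp", sport=40000, dport=80, first_fragment=True,
                             ip_payload_len=36, ip_hdr_size=20),
    "ping_504":     make_pkt("icmp", icmp_type=8, icmp_data_len=504),
    "ping_505":     make_pkt("icmp", icmp_type=8, icmp_data_len=505),
}

def audit(samples=SAMPLES, cfg=CFG):
    return {name: dos_drop_reasons(p, cfg) for name, p in samples.items()}

if __name__ == "__main__":
    print("\n".join(f"{n:13} {', '.join(h) or 'pass'}" for n, h in audit().items()))
```

The `ntp_123_123` and `low_port_syn` samples are ordinary traffic patterns that match L4 Port and TCP Flag as written, so check for such flows on the network before turning those options on.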
Port Authentication
In port-based authentication mode, when 802.1X is enabled globally and on the port, 
successful authentication of any one supplicant attached to the port results in all users being 
able to use the port without restrictions. At any given time, only one supplicant is allowed to 
attempt authentication on a port in this mode. Ports in this mode are under bidirectional 
control. This is the default authentication mode.