Netgear FS752TP – 48 10/100 Mbps RJ45 ports and 2 gigabit combo (copper/SFP) ports and 2 gigabit RJ45 ports Software Guide
Chapter 2: Configuring System Information
FS752TP Smart Switch Software Administration Manual
Click Refresh to refresh the page with the most current data from the switch.
Denial of Service
Use the Denial of Service (DoS) page to configure DoS control. The FS752TP Smart Switch
software provides support for classifying and blocking specific types of DoS attacks. You can
configure your system to monitor and block the following types of attacks:
• SIP=DIP: Source IP address = Destination IP address. Enable or disable this option by
selecting the corresponding line on the radio button. Enabling SIP=DIP DoS prevention
causes the switch to drop packets that have a source IP address equal to the destination
IP address. The factory default is disabled.
• First Fragment: IP Fragment Offset = 1. Enable or disable this option by selecting the
corresponding line on the radio button. Enabling First Fragment DoS prevention causes
the switch to drop packets that have an IP fragment offset equal to 1. The factory default
is disabled.
• TCP Fragment: TCP Header size is smaller than the configured value. Enable or disable
this option by selecting the corresponding line on the radio button. Enabling TCP
Fragment DoS prevention causes the switch to drop packets that have a TCP header
smaller than the configured Min TCP Hdr Size. The factory default is disabled.
• TCP Flag: Enable or disable this option by selecting the corresponding line on the radio
button. Enabling TCP Flag DoS prevention causes the switch to drop packets that match
any of the following conditions: TCP flag SYN set and TCP source port less than 1024;
TCP control flags set to 0 and TCP sequence number set to 0; TCP flags FIN, URG, and
PSH set and TCP sequence number set to 0; or both TCP flags SYN and FIN set. The
factory default is disabled.
• L4 Port: Enable or disable this option by selecting the corresponding line on the radio
button. Enabling L4 Port DoS prevention causes the switch to drop packets that have
TCP/UDP source port equal to TCP/UDP destination port. The factory default is disabled.
• ICMP: Enable or disable this option by selecting the corresponding line on the radio
button. Enabling ICMP DoS prevention causes the switch to drop ICMP packets that have
a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size.
The factory default is disabled.
Auto-DoS Configuration
The Auto-DoS Configuration page lets you automatically enable all the DoS features
available on the switch, except for the L4 Port attack. See the previous section for information
about the types of DoS attacks the switch can monitor and block.
To access the Auto-DoS Configuration page, click System > Management > Denial of
Service > Auto-DoS Configuration.