Netgear FS752TP – 48 10/100 Mbps RJ45 ports and 2 gigabit combo (copper/SFP) ports and 2 gigabit RJ45 ports Software Guide
Chapter 2: Configuring System Information
|
47
FS752TP Smart Switch Software Administration Manual
To configure individual DoS settings:
1.
Select the types of DoS attacks for the switch to monitor and block and configure any
associated values, as the following list describes.
•
Denial of Service SIP=DIP
: Enable or disable this option by selecting the
corresponding line on the radio button. Enabling SIP=DIP DoS prevention causes the
switch to drop packets that have a source IP address equal to the destination IP
address. The factory default is disabled.
switch to drop packets that have a source IP address equal to the destination IP
address. The factory default is disabled.
•
Denial of Service First Fragment
: IP Fragment Offset = 1. Enable or disable this
option by selecting the corresponding line on the radio button. Enabling First
Fragment DoS prevention causes the switch to drop packets that have an IP fragment
offset equal to 1. The factory default is disabled.
Fragment DoS prevention causes the switch to drop packets that have an IP fragment
offset equal to 1. The factory default is disabled.
•
Denial of Service Min TCP Hdr Size
: Specifies the Min TCP Hdr Size allowed. If
First TCP Fragment DoS prevention is enabled, then the switch will drop packets that
have a TCP header smaller than this configured Min TCP Hdr Size. The factory
default is 20.
have a TCP header smaller than this configured Min TCP Hdr Size. The factory
default is 20.
•
Denial of Service TCP Fragment
: TCP Header size is smaller than the configured
value. Enable or disable this option by selecting the corresponding line on the radio
button. Enabling TCP Fragment DoS prevention causes the switch to drop packets
that have a TCP header smaller than the configured Min TCP Hdr Size. The factory
default is disabled.
button. Enabling TCP Fragment DoS prevention causes the switch to drop packets
that have a TCP header smaller than the configured Min TCP Hdr Size. The factory
default is disabled.
•
Denial of Service TCP Flag
: Enable or disable this option by selecting the
corresponding line on the radio button. Enabling TCP Flag DoS prevention causes
the switch to drop packets that have TCP flag SYN set and TCP source port less than
1024 or TCP control flags set to 0 and TCP sequence number set to 0 or TCP flags
FIN, URG, and PSH set and TCP sequence number set to 0 or both TCP flags SYN
and FIN set. The factory default is disabled.
the switch to drop packets that have TCP flag SYN set and TCP source port less than
1024 or TCP control flags set to 0 and TCP sequence number set to 0 or TCP flags
FIN, URG, and PSH set and TCP sequence number set to 0 or both TCP flags SYN
and FIN set. The factory default is disabled.