
PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Protecting against Smurf attacks
To avoid being an intermediary in a Smurf attack, make sure forwarding of directed broadcasts is
disabled on the device. Directed broadcast forwarding is disabled by default. To disable directed
broadcast forwarding, enter the following command.
PowerConnect(config)# no ip directed-broadcast
Syntax: [no] ip directed-broadcast
Avoiding being a victim in a Smurf attack
You can configure the device to drop ICMP packets when excessive numbers are encountered, as is
the case when the device is the victim of a Smurf attack. You can set threshold values for ICMP
packets that are targeted at the router itself or passing through an interface, and drop them when
the thresholds are exceeded.
Protection against ICMP attacks in PowerConnect devices
The ICMP flood attack protection is implemented in hardware on PowerConnect B-Series TI24X
devices. This feature can coexist with port-based rate-limiting, MAC filters, Layer 4 ACLs, and other
features.
You can set threshold values for ICMP packets that are targeted at the router itself or passing
through an interface, and drop them when the thresholds are exceeded.
The syntax to set threshold values for ICMP packets targeted on a PowerConnect device is as
follows.
Syntax: ip icmp attack-rate burst-normal <value> burst-max <value> lockup <seconds>
The attack-rate keyword indicates that the normal burst value and maximum burst value are to be
specified in kilobits per second (kbps).
The burst-normal value ranges from 20 through 10000000.
The burst-max value ranges from 20 through 10000000.
The lockup value ranges from 1 through 10000.
The number of incoming ICMP packets per second is measured and compared to the threshold
values as follows:
If the number of ICMP packets exceeds the burst-normal value, the excess ICMP packets are
dropped.
If the number of ICMP packets exceeds the burst-max value, all ICMP packets are dropped for
the number of seconds specified by the lockup value. When the lockup period expires, the
packet counter is reset and measurement is restarted.
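The threshold logic described above, as an added example and not the vendor's implementation: a per-second model of the burst-normal, burst-max and lockup regimes, run over a constructed timeline of ICMP arrival counts. It assumes the interval that exceeds burst-max drops all of its packets and the lockup then covers the following lockup seconds, after which measurement restarts; counts are treated as packets per second as in the description above.

```python
# Added example, not the device's code: model of "ip icmp attack-rate"
# burst-normal / burst-max / lockup behaviour over per-second ICMP counts.
# Assumption: the second that exceeds burst-max drops all of its packets and
# arms a lockup covering the next `lockup` seconds; measurement then restarts.
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class IcmpAttackRateModel:
    burst_normal: int   # packets/s above which only the excess is dropped
    burst_max: int      # packets/s above which a lockup begins
    lockup: int         # seconds during which every ICMP packet is dropped
    lockup_remaining: int = field(default=0, init=False)

    def step(self, icmp_pkts: int) -> Tuple[int, int, str]:
        """Process one second of ICMP arrivals; return (forwarded, dropped, regime)."""
        if self.lockup_remaining > 0:
            self.lockup_remaining -= 1            # still inside the lockup window
            return 0, icmp_pkts, "lockup"
        if icmp_pkts > self.burst_max:
            self.lockup_remaining = self.lockup   # arm lockup for the following seconds
            return 0, icmp_pkts, "burst-max"
        if icmp_pkts > self.burst_normal:
            # Above burst-normal: forward up to the threshold, drop only the excess.
            return self.burst_normal, icmp_pkts - self.burst_normal, "burst-normal"
        return icmp_pkts, 0, "normal"             # within limits, nothing dropped


def run_timeline(model: IcmpAttackRateModel,
                 per_second: List[int]) -> List[Tuple[int, int, int, str]]:
    """Feed a per-second timeline through the model; return (second, forwarded, dropped, regime)."""
    return [(t,) + model.step(n) for t, n in enumerate(per_second)]


# Constructed arrival counts (packets per second), not captured traffic: quiet
# baseline, a burst above burst-normal, a flood above burst-max, then quiet again.
SAMPLE_TIMELINE = [50, 80, 150, 600, 700, 700, 10, 10, 10]


def summarize(model_args=(100, 500, 2), timeline=SAMPLE_TIMELINE):
    """Run the sample timeline; return the per-second rows and total forwarded/dropped."""
    rows = run_timeline(IcmpAttackRateModel(*model_args), timeline)
    return rows, sum(r[1] for r in rows), sum(r[2] for r in rows)


if __name__ == "__main__":
    rows, fwd, drp = summarize()
    for second, forwarded, dropped, regime in rows:
        print(f"t={second}s forwarded={forwarded:4d} dropped={dropped:4d} {regime}")
    print(f"total forwarded={fwd} dropped={drp}")
```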
Configuration notes
Consider the following statements when DoS attack protection is implemented at port level or VLAN
level.
The ACL-based ingress rate-limiting for ICMP flow on a port is not accurate if ICMP DoS attack
protection is enabled on the same port. Non-ICMP flows are not affected.