Manual

User Guide
© 2014 Luxul. All Rights Reserved.
Other trademarks and registered trademarks are the property of their respective owners
12.3 DoS Defense
DoS (Denial of Service) Attacks attempt to occupy the Network bandwidth by sending
massive amounts of service requests to one or more Hosts. This can cause poor service
quality or even a breakdown of Network communication.
With the DoS Defense function enabled, the Switch can analyze the Fields of IP packets
and distinguish malicious DoS attack packets from permitted traffic. Upon detection of
a DoS packet, the Switch will discard the malicious packet. It will also limit the
transmission rate of valid packets if those packets may cause a breakdown of Network
communication. The Switch can defend against the following types of DoS attack:
| DoS Attack Type | Description |
|---|---|
| Land Attack | The attacker sends a specific fake SYN packet to a destination Host in order to cause a data loop on the Host. Since both the Source IP Address and the Destination IP Address of the SYN packet are set to the IP Address of the Host, the Host will be trapped in an endless loop. This prevents the affected Host from passing data normally. |
| Scan SYNFIN | The attacker sends a packet with its SYN Field and its FIN Field set to 1. The SYN Field is used to request the initial connection, whereas the FIN Field is used to request termination. A packet of this type is malicious. This prevents the Host from establishing new connections and terminating unused connections. |
| Xmascan | The attacker sends a malicious packet with its TCP index, FIN, URG and PSH Fields set to 1. This packet takes priority over other packets in the Host's processing queue, causing connection latency. |
| NULL Scan Attack | The attacker sends a malicious packet with its TCP index and all Control Fields set to 0. Packets with all Control Fields set to 0 are considered to be malicious packets. These packets overwhelm a Host and cause latency issues as the Host attempts to drop these packets. |
| SYN packet with its source Port less than 1024 | The attacker sends a malicious packet with its TCP SYN Field set to 1 and its source Port set to a value less than 1024. As most well-known ports reside below 1024, this malicious packet attempts to block valid connection streams. |
| Blat Attack | The attacker sends a malicious packet with its source Port and destination Port set to the same Port and its URG Field set to 1. Similar to the Land Attack, the Host will be trapped in an endless loop. This prevents the affected Host from passing data normally. |
| Ping Flooding | The attacker floods the destination Network with a Ping broadcast storm, causing Network latency and connection issues. |