
Industrial Managed Ethernet Switch User Manual

The fifth vulnerability is called the TCP flag DoS attack. The attack sends out TCP packets with a flag indicating that they are ACK packets. This attack is similar to a SYN flood, except that a SYN flood also opens a connection with the server. Although devices are mostly tuned for more common attacks such as SYN flood, a TCP flag DoS attack will force the server to keep dropping the packets, causing resource exhaustion. To enable/disable the protection against the TCP flag DoS attack, also called ACK flood, click the Enabled box on the TCP Flag function.

The sixth vulnerability is called the L4 port DoS attack. There are various types of L4 port DoS attack. In a UDP attack, a large number of UDP packets are sent to the victim until it is overloaded. A UDP-Lag attack sends in bursts so as not to knock the target offline completely. An SUDP attack is the same as UDP but spoofs the request to make it harder to mitigate. SYN/SSYN/ESSYN attacks abuse the handshake of the TCP protocol until the victim is overloaded. DNS/NTP/CHARGEN/SNMP attacks are amplified UDP attacks that abuse a vulnerable server by sending a spoofed request with the target's IP as the sender. The servers then send the information to the target, overloading the system. To enable/disable the protection against all these L4 port DoS attacks, click the Enabled box on the L4 Port function.

The last vulnerability is the so-called ICMP fragmentation attack. The attack involves the transmission of fraudulent ICMP packets that are larger than the network's MTU. In this switch, administrators can filter these packets out by enabling the ICMP function and setting Maximum ICMP size within the range from 512 to 1023 bytes. As these ICMP packets are fake and cannot be reassembled, the target server's resources are quickly consumed, resulting in server unavailability. To enable/disable the protection against the ICMP DoS attack, click the Enabled box on the ICMP function. Table 2.68 provides descriptions of the Denial of Service Setting.

Table 2.68 Descriptions of Denial of Service Setting

| Label | Description | Factory Default |
|---|---|---|
| LAND packets | Enabled: Enables prevention of the attack using a TCP SYN packet that has the same source and destination IP and port. | Disabled |
| First Fragment | Enabled: Enables prevention of the First Fragment attack. | Disabled |
| Min TCP Hdr Size | Enabled: Enables prevention of the minimum TCP header size attack. | Disabled |
| TCP Fragment | Enabled: Enables prevention of the TCP fragmentation attack, which targets the TCP/IP reassembly mechanism. | Disabled |
| TCP Flag | Enabled: Enables prevention of the TCP flag DoS attack, which forces the server to keep dropping the packets, causing resource exhaustion. | Disabled |
| L4 Port | Enabled: Enables prevention of various types of L4 port DoS attacks that are intended to overload the server. | Disabled |
| ICMP | Enabled: Allows filtering of ICMP packets whose size is higher than the maximum ICMP size defined in the next field. | Disabled |
| Max ICMP Size | 512 to 1023 bytes | 512 |

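
The LAND packets and ICMP checks from Table 2.68, sketched in Python as an added example (not the switch's firmware or vendor code). It assumes "ICMP size" means the bytes that follow the IP header; the function names, helper names and sample packets are constructed for illustration.

```python
import socket
import struct

ICMP, TCP, SYN = 1, 6, 0x02

def check_packet(pkt, land=True, icmp=True, max_icmp_size=512):
    """Return 'forward' or 'drop:<reason>' for one raw IPv4 packet or fragment."""
    if not 512 <= max_icmp_size <= 1023:  # range stated in the manual
        raise ValueError("Max ICMP Size must be 512 to 1023 bytes")
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "drop:malformed"
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", pkt[2:8])
    if ihl < 20 or total_len < ihl or len(pkt) < total_len:
        return "drop:malformed"
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    l4 = pkt[ihl:total_len]
    # Assumption: "ICMP size" is measured as the bytes after the IP header.
    if icmp and proto == ICMP and len(l4) > max_icmp_size:
        return "drop:icmp-oversize"
    # LAND: TCP SYN whose source and destination IP and port are identical.
    # Only a first fragment (offset 0) carries the TCP header.
    if land and proto == TCP and (frag & 0x1FFF) == 0 and len(l4) >= 14:
        sport, dport = struct.unpack("!HH", l4[:4])
        if l4[13] & SYN and src == dst and sport == dport:
            return "drop:land"
    return "forward"

def ipv4(proto, src, dst, payload):
    """Constructed test packet: 20-byte IPv4 header (checksum 0) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport, flags):
    """Constructed 20-byte TCP header carrying the given flag byte."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)

def icmp_echo(data_len):
    """Constructed ICMP echo request of 8 + data_len bytes (checksum 0)."""
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"A" * data_len

if __name__ == "__main__":
    land_syn = ipv4(TCP, "10.0.50.1", "10.0.50.1", tcp(80, 80, SYN))
    big_ping = ipv4(ICMP, "10.0.50.2", "10.0.50.1", icmp_echo(600))
    print(check_packet(land_syn), check_packet(big_ping))
```
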
2.20.5 Backup/Restore

Figure 2.187 shows the webpage for backing up and restoring the configuration via HTTP. It is divided into two parts: Backup Device Configuration and Restore Device Configuration. When clicking the Download button on the upper part of the page (Backup Device Configuration), users will be prompted either to open the file named IP-10.0.50.1.bin.sum with an application or to Save File to a destination. Choosing Save File will back up the switch's current configuration to a local drive on the local computer.

To restore a configuration file to the switch, move down to the Restore Device Configuration part, then click the Choose file button to choose a configuration file from the local drive. Before clicking the Upload button, users can check any of the options below the upload file, which are “Do not overwrite current username and