User's Manual

Chapter 47 DoS Attack Prevention Configuration
47.1 Concept of DoS Attack
A DoS (denial-of-service) attack is also called a service rejection attack. Common DoS attacks include network
bandwidth attacks and connectivity attacks. DoS is a network attack mode frequently launched by hackers.
Its ultimate purpose is to break down a network so that it stops providing legitimate users with normal network services.
DoS attack prevention requires a switch to provide multiple attack prevention methods to stop attacks such
as Ping flood, SYN flood, Land attack, Teardrop, and TCP packets containing illegal flags. When a switch is under attack,
it needs to determine the attack type and handle the attack packets specially, for example, by sending them
to the CPU and dropping them.
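The classification step described above, shown as an added example that is not taken from this manual or from the switch firmware: it inspects one raw IPv4 packet and recognises a Land attack and TCP packets with illegal flags. Assumptions: the function names are hypothetical, a Land attack is taken to mean source IP equal to destination IP, and the flag combinations treated as illegal are common choices, since the manual does not list the ones the switch checks. Ping flood, SYN flood and Teardrop need rate counters or fragment state and are not covered.

```python
import socket
import struct

TCP = 6
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def illegal_tcp_flags(flags):
    """Return the reason a TCP flag combination is invalid, or None."""
    flags &= 0x3F                      # ignore ECE/CWR
    if flags == 0:
        return "no flags set"
    if flags & SYN and flags & FIN:
        return "SYN+FIN"
    if flags & SYN and flags & RST:
        return "SYN+RST"
    if flags == FIN | PSH | URG:
        return "FIN+PSH+URG"
    return None

def classify(packet):
    """Classify one raw IPv4 packet and return (verdict, action)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ("malformed", "drop")
    ihl = (packet[0] & 0x0F) * 4       # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return ("malformed", "drop")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if packet[12:16] == packet[16:20]:  # source IP equals destination IP
        return ("land", "drop")
    # Only the first fragment carries the TCP header.
    if packet[9] == TCP and frag_offset == 0:
        if len(packet) < ihl + 14:     # too short to hold the flags byte
            return ("malformed", "drop")
        reason = illegal_tcp_flags(packet[ihl + 13])
        if reason:
            return ("illegal-tcp-flags: " + reason, "drop")
    return ("ok", "forward")

def build(src, dst, flags, sport=40000, dport=80):
    """Constructed sample input: 20-byte IPv4 + 20-byte TCP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for f in (SYN, SYN | FIN, 0):
        print(classify(build("192.0.2.10", "192.0.2.20", f)))
    print(classify(build("192.0.2.10", "192.0.2.10", SYN)))
```

The Land check runs before the flag check, so a packet that matches both is reported as a Land attack.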
47.2 DoS Attack Type
Hackers craft different types of DoS attack packets to attack servers. The following are common DoS
attack packets: