Specifications

ManualsBrandsTP-LINK ManualsNetworkingJetStream

321

322

323

324

325

326

327

328

329

330

314

Security Type:

Select Security Type for the port.

• Disable:

Select this option to disable the IP Source Guard

feature for the port.

• SIP:

Only the packets with its source IP address and port

number matched to the IP-

MAC binding rules can be

processed.

• SIP+MAC:

Only the packets with its source IP address,

source MAC address and port number matched to the

IP-MAC binding rules can be processed.

LAG:

Displays the LAG to which the port belongs to.

14.5 DoS Defend

DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network

attackers or the evil programs sending a lot of service requests to the Host, which incurs an

abnormal service or even breakdown of the network.

With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and

distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard

the illegal packets directly and limit the transmission rate of the legal packets if the over legal

packets may incur a breakdown of the network. The switch can defend several types of DoS attack

listed in the following table.

DoS Attack Type Description

Land Attack

The attacker sends a specific fake SYN packet to the destination Host.

Since both the source IP address and the destination IP address of the

SYN packet are set to be the IP address of the Host, the Host will be

trapped in an endless circle for building the initial connection. The

performance of the network will be reduced extremely.

Scan SYNFIN The attacker sends

the packet with its SYN field and the FIN field set to

1. The SYN field is used to request initial connection whereas the FIN

field is used to request disconnection. Therefore, the packet of this

type is illegal. The switch can defend this type of illegal packet.

Xmascan

The attacker sends the illegal packet with its TCP index, FIN, URG and

PSH field set to 1.

NULL Scan Attack

The attacker sends the illegal packet with its TCP index and all the

control fields set to 0. During the TCP connection and data

ransmission, the packets with all the control fields set to 0 are

considered as the illegal packets.

SYN packet with its

source port less than

1024

The attacker sends the illegal packet with its TCP SYN field set to 1

and source port less than 1024.

Blat Attack

The attacker sends the illegal packet with its source port and

destination port on Layer 4 the same and its URG field set to 1. Similar

to the Land Attack, the system performance of the attacked Host is

reduced since the Host circularly attempts to

build a connection with

the attacker.