Denial of Service (DoS) Prevention Configuration on SFE / SGE Stackable Managed Switches

Objective

Denial of Service (DOS) is used to stop Distributed Denial of Service (DDoS) attacks. DDoS attacks flood the network with additional requests that limit the availability of network resources. DoS detects these attacks and filters out the attack traffic.

This article explains how to configure DOS prevention on the SFE / SGE Stackable Managed Switches.

Applicable Devices

• SFE / SGE Stackable Managed Switches

Software Version

• v3.0.2.0

Global Settings

Step 1. Log in to the web configuration utility and choose Security Suite > DOS Prevention > Global Settings. The Global Settings page opens:

Step 2. From the Security Suite Status drop-down list choose Enabled or Disabled. This enables or disables DoS on the switch.

Step 3. Check Stacheldraht Distribution to discard TCP packets with source TCP port equal to 16660. This port is commonly used by the DDoS attack tool called Stacheldraht.

Step 4. Check Invasor Trojan to discard TCP packets with the destination TCP port equal to 2140 and source TCP port equal to 1024. These ports are commonly used by the trojan malware called The Invasor.

Step 5. Check Back Orifice Trojan to discard UDP packets with the destination UDP port equal to 31337 and source UDP port equal to 1024. These ports are commonly used by the malware called Back Orifice that is used for remote system administration.

Step 6. Click Apply.

Caution: This only saves your configuration to the running configuration file. This means any changes made will be lost if the device is rebooted. If you wish to save these changes even after a system reboot, you need to copy the running configuration file to the startup configuration file. See Copy Configuration File on SFE/SGE Series Managed Switches for more information on how to do this.