HostDos not functioning as expected on Enterasys/Extreme S6 Model

I enabled HostDos on the S6 chassis switch to drop SYN FLOOD packets over 1000pps threshold, but these packets still bypass the switch as they hit the firewall LAN interface - I am running the SYN Flood test locally. I checked the logs and there were no hits on the HostDos stats menu for SynFlood. Please I need insights into this. What could be wrong? I set the threshold on the firewall to 1200pps and I confirmed the S6 was blacklisted as SYN packets received were over 1200pps - which tells me the S6 did not drop those packets when it got hit by them. 

Thank you for your time.

Sarafa Ibrahim


Posted 1 year ago


Daniel Coughlin, Employee

Hostdos only protects the host complex of the S-series. The packets are still allowed to transit on the vlans they exist on.

Sarafa Ibrahim

Okay. Thank you for clarifying that. Is there any way to get around this though? 

Erik Auerswald, Embassador

You would need to classify the traffic on TCP flags and then apply a rate limiter. I do not think this is supported on the S-Series.

Another problem is that the above classification matches any TCP SYN packet and does not separate by source IP. That would limit the number of connections per second to the server, not just SYN floods.

Routers, firewalls or other security appliances implementing SYN flood protection in software are a better solution than using a switch. The switch is supposed to deliver all the traffic at line rate...
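
Added example (not part of the thread, and not Extreme/Enterasys code): a small simulation of the point in the reply above, comparing a rate limiter keyed only on the TCP SYN flag with one keyed per source IP. The fixed one-second counting window, the 1000 pps limit taken from the question, and the addresses and traffic mix are constructed assumptions.

```python
from collections import Counter

WINDOW_US = 1_000_000          # one-second counting window, in microseconds
FLOOD_SRC = "198.51.100.66"    # constructed address (RFC 5737 documentation range)

class SynRateLimiter:
    """Fixed-window SYN policer: one shared counter, or one counter per source IP."""

    def __init__(self, limit_pps, per_source):
        self.limit = limit_pps
        self.per_source = per_source
        self.counts = Counter()   # (window, key) -> SYNs already forwarded

    def allow(self, ts_us, src):
        # A classifier on TCP flags alone has no key beyond "is a SYN".
        key = src if self.per_source else "any-syn"
        slot = (ts_us // WINDOW_US, key)
        if self.counts[slot] >= self.limit:
            return False
        self.counts[slot] += 1
        return True

def sample_syns(seconds=2, flood_pps=5000, clients=20):
    """Constructed traffic: one flooding source plus clients opening 1 connection/s."""
    syns = [(i * WINDOW_US // flood_pps, FLOOD_SRC) for i in range(seconds * flood_pps)]
    for c in range(clients):
        offset = (2 * c + 1) * WINDOW_US // (2 * clients)   # spread across the second
        syns += [(s * WINDOW_US + offset, f"192.0.2.{c + 1}") for s in range(seconds)]
    return sorted(syns)

def forwarded(limit_pps, per_source):
    """Return (flood SYNs forwarded, legitimate SYNs forwarded) for the sample."""
    limiter = SynRateLimiter(limit_pps, per_source)
    passed = Counter(src for ts, src in sample_syns() if limiter.allow(ts, src))
    flood = passed[FLOOD_SRC]
    return flood, sum(passed.values()) - flood

if __name__ == "__main__":
    for per_source in (False, True):
        flood, legit = forwarded(1000, per_source)
        print(f"per_source={per_source}: flood forwarded={flood}, legit forwarded={legit} of 40")
```

With the shared counter the flood uses up each window's budget within the first fifth of a second, so most legitimate connection attempts are dropped along with it; the per-source key caps the flooding address without touching the other clients.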

Sarafa Ibrahim

Thanks Erik!

Daniel Coughlin, Employee

Sarafa, if you need more help, the GTAC is always an option.

Sarafa Ibrahim

Thanks, Daniel! I'll keep that in mind.

Drew C., Community Manager

Welcome to The Hub, Sarafa!