HostDos not functioning as expected on Enterasys/Extreme S6 Model

Sarafa_Ibrahim
New Contributor
I enabled HostDos on the S6 chassis switch to drop SYN FLOOD packets over 1000pps threshold, but these packets still bypass the switch as they hit the firewall LAN interface - I am running the SYN Flood test locally. I checked the logs and there were no hits on the HostDos stats menu for SynFlood. Please I need insights into this. What could be wrong? I set the threshold on the firewall to 1200pps and I confirmed the S6 was blacklisted as SYN packets received were over 1200pps - which tells me the S6 did not drop those packets when it got hit by them.

Thank you for your time.
9 REPLIES 9

Thanks Erik!

You would need to classify the traffic on TCP flags and then apply a rate limiter. I do not think this is supported on the S-Series.

Another problem is that the above classification matches any TCP SYN packet and does not separate by source IP. That would limit the number of connections per second to the server, not just SYN floods.

Routers, firewalls or other security appliances implementing SYN flood protection in software are a better solution than using a switch. The switch is supposed to deliver all the traffic at line rate...
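
The point in the reply above about a classifier that matches any TCP SYN without separating by source IP, shown as an added example (not part of the thread and not an S-Series feature). The trace, the addresses and the function names are constructed for illustration; 1000 pps is the threshold from the question.

```python
from collections import Counter

THRESHOLD_PPS = 1000        # threshold quoted in the original question
NOISY_SRC = "10.0.0.66"     # constructed address of the single flooding host

def build_trace():
    """Constructed one-second trace of SYN packets as (timestamp, src_ip)."""
    flood = [(i / 5000, NOISY_SRC) for i in range(5000)]          # 5000 SYN/s
    # 150 ordinary clients, two connection attempts each, spread over the second
    clients = [(i / 300, f"10.0.1.{i % 150 + 1}") for i in range(300)]
    return sorted(flood + clients)

def aggregate_limiter(trace, limit=THRESHOLD_PPS):
    """Rate-limit all SYNs as one class, as a flag-only match would."""
    admitted = Counter()    # second -> SYNs admitted so far
    dropped = Counter()     # src_ip -> SYNs dropped
    for ts, src in trace:
        second = int(ts)
        if admitted[second] >= limit:
            dropped[src] += 1
        else:
            admitted[second] += 1
    return dropped

def per_source_limiter(trace, limit=THRESHOLD_PPS):
    """Apply the same limit, but keep one counter per source IP."""
    admitted = Counter()    # (second, src_ip) -> SYNs admitted so far
    dropped = Counter()
    for ts, src in trace:
        key = (int(ts), src)
        if admitted[key] >= limit:
            dropped[src] += 1
        else:
            admitted[key] += 1
    return dropped

def ordinary_clients_dropped(dropped):
    """SYNs dropped that did not come from the noisy source."""
    return sum(n for src, n in dropped.items() if src != NOISY_SRC)

if __name__ == "__main__":
    trace = build_trace()
    for name, fn in (("aggregate", aggregate_limiter),
                     ("per-source", per_source_limiter)):
        d = fn(trace)
        print(f"{name:10s} noisy dropped={d[NOISY_SRC]:5d} "
              f"ordinary dropped={ordinary_clients_dropped(d)}")
```

With the aggregate limiter the noisy source consumes most of the 1000 pps budget and ordinary connection attempts are dropped with it; the per-source counters drop only the excess from the noisy host.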

Okay. Thank you for clarifying that. Is there any way to get around this though?

Hi,

The HostDoS feature protects against attacks targeted at the switch itself only, not against attacks passing through the switch towards another target.

Thanks,
Erik

Thank you for your response. I did not quite follow what you mean by "host complex". Could you elaborate on that? Thanks.