Hi. I recently pruchased a ProSafe Smart Switch. One of the features I wanted was Auto-DoS detection that shuts off ports that are suspected of a DoS attack. Whenever I enable this, the two Lexmark printers on our network are quickly disconnected. I have contacted support twice. The first time I contacted them, they told me that this feature should be used as a fallback and I should have a firewall in place between the modem and the switch. I have since purchased a ProSAFE firewall and got it set up, but this has not solved the problem.
I contacted them again. They requested I monitor the packets and send them too them, but they have not gotten back to me on a solution. The packets that cause the alert art MDNS or Multicast packets. Here is what one of the packets looks like:
1 0.000000 10.0.53.17 224.0.0.251 MDNS 278 Standard query response 0x0000 PTR Lexmark T430._http._tcp.local PTR Lexmark T430._ftp._tcp.local PTR Lexmark T430._tftp._udp.local PTR Lexmark T430._printer._tcp.local PTR Lexmark T430._ipp._tcp.local PTR Lexmark T430._pdl-datastream._tcp.local
I have changed some of the flooding settings for that port, but this makes no difference. Are these just old printers? Is there a way to add an exception for a port and still have Auto-DoS enabled?
Thanks for the help!
-Joel
