2 dos-control firstfrag, 3 dos-control tcpfrag – Kontron AT890X Full-Size CLI User Manual
Page 108
Switching Commands
AT8901/2/3
AT8901/2/3 CLI Reference Manual
Page 2 - 74
Format
dos-control sipdip
Mode
Global Config
2.18.1.1
no dos-control sipdip
This command disables Source IP Address = Destination IP Address (SIP=DIP) Denial
of Service prevention.
Format
no dos-control sipdip
Mode
Global Config
2.18.2
dos-control firstfrag
This command enables Minimum TCP Header Size Denial of Service protection. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If
packets ingress having a TCP Header Size smaller then the configured value, the
packets will be dropped if the mode is enabled.The default is
disabled.
If you enable
dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets
that value to
20
.
Default
disabled <20>
Format
dos-control firstfrag
[<0-255>]
Mode
Global Config
2.18.2.1
no dos-control firstfrag
This command sets Minimum TCP Header Size Denial of Service protection to the
default value of
disabled
.
Format
no dos-control firstfrag
Mode
Global Config
2.18.3
dos-control tcpfrag
This command enables TCP Fragment Denial of Service protection. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets ingress
having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is
enabled.
Default
disabled
Format
dos-control tcpfrag
Mode
Global Config
2.18.3.1
no dos-control tcpfrag
This command disabled TCP Fragment Denial of Service protection.
Format
no storm-control broadcast all
Mode
Global Config