Dos-control firstfrag, Syntax, Default configuration – Dell POWEREDGE M1000E User Manual

Denial of Service Commands

1363

dos-control firstfrag

Use the dos-control firstfrag command in Global Configuration mode to

enable Minimum TCP Header Size Denial of Service protection. If the mode

is enabled, Denial of Service prevention is active for this type of attack. If

packets ingress having a TCP Header Size smaller than the configured value,

the packets are dropped.

Syntax

dos-control firstfrag [

size

]

no dos-control firstfrag

•

size

—TCP header size. (Range: 0-255). The default TCP header size is 20.

ICMP packet size is 512.

Default Configuration

Denial of Service is disabled.

Command Mode

Global Configuration mode

User Guidelines

This command has no user guidelines.

Example

The following example defines a minimum TCP header size of 20. Packets

entering with a smaller header size are dropped.

console(config)#dos-control firstfrag 20

dos-control icmp

Use the dos-control icmp command in Global Configuration mode to enable

Maximum ICMP Packet Size Denial of Service protections. If the mode is

enabled, Denial of Service prevention is active for this type of attack. If ICMP

Echo Request (PING) packets ingress having a size greater than the

configured value, the packets are dropped.

2CSPC4.XModular-SWUM200.book Page 1363 Thursday, March 10, 2011 11:18 AM