Dos-control tcpflag, Syntax, Default configuration – Dell POWEREDGE M1000E User Manual

1366

Denial of Service Commands

dos-control tcpflag

Use the dos-control tcpflag command in Global Configuration mode to

enable TCP Flag Denial of Service protections. If the mode is enabled, Denial

of Service prevention is active for this type of attack. If packets ingress having

TCP Flag SYN set and a source port less than 1024, having TCP Control

Flags set to 0 and TCP Sequence Number set to 0, having TCP Flags FIN,

URG, and PSH set and TCP Sequence Number set to 0, or having TCP Flags

SYN and FIN both set, the packets are dropped.

Syntax

dos-control tcpflag
no dos-control tcpflag

Default Configuration

Denial of Service is disabled.

Command Mode

Global Configuration mode.

User Guidelines

This command has no user guidelines.

Example

The following example activates TCP Flag Denial of Service protections.

console(config)#dos-control tcpflag

dos-control tcpfrag

Use the dos-control tcpfrag command in Global Configuration mode to

enable TCP Fragment Denial of Service protection. If the mode is enabled,

Denial of Service prevention is active for this type of attack. If packets ingress

having IP Fragment Offset equal to one (1), the packets are dropped.

Syntax

dos-control tcpfrag

2CSPC4.XModular-SWUM200.book Page 1366 Thursday, March 10, 2011 11:18 AM