Dell PowerConnect M6220 User Manual

Configuring System Information

185

• Denial of Service Min TCP Hdr Size — Specify the minimum TCP header size allowed. If First

Fragment DoS prevention is enabled, the switch will drop packets that have a TCP header smaller then

this configured value.

• Denial of Service TCP Fragment — Enabling TCP Fragment DoS prevention causes the switch to

drop packets that have an IP fragment offset equal to one.

•

Denial of Service TCP Flag — Enabling TCP Flag DoS prevention causes the switch to drop packets

that meet any of the following conditions:
–

TCP flag SYN set and TCP source port less than 1024

–

TCP control flags set to 0 and TCP sequence number set to 0

–

TCP flags FIN, URG, and PSH set and TCP sequence number set to 0

–

Both TCP flags SYN and FIN set

• Denial of Service L4 Port — Enabling L4 Port DoS prevention causes the switch to drop packets that

have the TCP/UDP source port equal to TCP/UDP destination port.

•

Denial of Service ICMP — Enabling ICMP DoS prevention causes the switch to drop ICMP packets

that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP packet size

(ICMP Pkt Size).

• Denial of Service Max ICMP Pkt Size — Specify the maximum ICMP packet size to allow. If ICMP

DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater then this

configured value.

Configuring Denial of Service Settings

1. Open the Denial of Service page

.

2. Specify the desired settings.
3. Click Apply Changes.

The device is updated with the new settings.

Configuring Denial of Service Settings Using CLI Commands

For information about the CLI commands that perform this function, see the following chapter in the

CLI Reference Guide

:

• Denial of Service Commands.