25.3 dosattack-check tcp-flags enable, 25.4 dosattack-check srcport-equal-dstport enable – PLANET WGSW-50040 User Manual


Commands for Security Function Chapter 6 Commands for TACACS+

Drop the IPv4 fragment or non-fragment data packet whose source port is equal to its destination port.

Switch(config)# dosattack-check ipv4-first-fragment enable

Switch(config)# dosattack-check srcport-equal-dstport enable

25.3 dosattack-check tcp-flags enable

Command:

[no] dosattack-check tcp-flags enable

Function:

Enable the function by which the switch checks for unauthorized TCP flags; the “no” form of this command disables this function.

Default:

This function is disabled on the switch by default.

Command Mode:

Global Mode

Usage Guide:

With this function enabled, the switch drops the following four types of data packets containing unauthorized TCP flags: SYN=1 while the source port is smaller than 1024; all TCP flag bits are 0 while the sequence number is 0; FIN=1, URG=1, PSH=1 and the TCP sequence number is 0; SYN=1 and FIN=1. This function can be used in association with the “dosattack-check ipv4-first-fragment enable” command.

Example:

Drop one or more of the above four packet types.

Switch(config)# dosattack-check tcp-flags enable

25.4 dosattack-check srcport-equal-dstport enable

Command:

[no] dosattack-check srcport-equal-dstport enable

Function:

Enable the function by which the switch will check if the source port is equal to the destination port; the "no" form of this command disables this function.

Default:

Disable the function by which the switch will check if the source port is equal to the destination port.
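
The drop conditions from 25.3 and 25.4, as an added Python example (not from the PLANET manual or the switch firmware): it parses a raw TCP header and reports which conditions match, which is useful for auditing captured traffic against what the switch would discard. The rule names, the build_header helper, and the use of the six classic flag bits for "all flags 0" are assumptions; the sample headers are constructed.

```python
import struct

# TCP flag bit masks in the low bits of header bytes 12-13
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_FLAGS = 0x3F  # assumption: "all flags 0" means these six bits


def classify_tcp_header(header):
    """Return the (hypothetical) names of the drop rules a raw TCP header matches."""
    if len(header) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    flags = off_flags & ALL_FLAGS
    hits = []
    # 25.3 rule 1: SYN set while the source port is below 1024
    if flags & SYN and sport < 1024:
        hits.append("syn-low-srcport")
    # 25.3 rule 2: no flags set and sequence number 0
    if flags == 0 and seq == 0:
        hits.append("null-flags-seq0")
    # 25.3 rule 3: FIN, URG and PSH set and sequence number 0
    # (assumption: other flag bits are ignored for this rule)
    if flags & FIN and flags & URG and flags & PSH and seq == 0:
        hits.append("fin-urg-psh-seq0")
    # 25.3 rule 4: SYN and FIN set together
    if flags & SYN and flags & FIN:
        hits.append("syn-fin")
    # 25.4: source port equals destination port
    if sport == dport:
        hits.append("srcport-equal-dstport")
    return hits


def build_header(sport, dport, seq, flags):
    """Build a minimal 20-byte TCP header (constructed input, checksum left 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (5 << 12) | flags, 8192, 0, 0)


if __name__ == "__main__":
    samples = {  # constructed headers, not captured traffic
        "normal SYN": build_header(40000, 80, 1000, SYN),
        "SYN from low port": build_header(80, 40000, 1000, SYN),
        "null flags": build_header(40000, 80, 0, 0),
        "FIN+URG+PSH": build_header(40000, 80, 0, FIN | URG | PSH),
        "SYN+FIN": build_header(40000, 80, 1000, SYN | FIN),
        "equal ports": build_header(5000, 5000, 1000, ACK),
    }
    for name, hdr in samples.items():
        print(f"{name:18s} -> {classify_tcp_header(hdr) or 'forwarded'}")
```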
