5 dosattack-check tcp-fragment enable, 6 dosattack-check tcp-segment, Dosattack – PLANET WGSW-50040 User Manual

Page 372: Check tcp, Fragment enable, Segment


Commands for Security Function Chapter 6 Commands for TACACS+

Command Mode:

Global Mode

Usage Guide:

With this function enabled, the switch drops TCP and UDP data packets whose destination port is equal to the source port. This function can be used together with the “dosattack-check ipv4-first-fragment enable” function to also block IPv4 fragment TCP and UDP data packets whose destination port is equal to the source port.

Example:

Drop non-fragment TCP and UDP data packets whose destination port is equal to the source port.

Switch(config)# dosattack-check srcport-equal-dstport enable

25.5 dosattack-check tcp-fragment enable

Command:

[no] dosattack-check tcp-fragment enable

Function:

Enable detection of TCP fragment attacks on the switch; the “no” form of this command disables this function.

Default:

This function is not enabled on the switch by default.

Command Mode:

Global Mode

Usage Guide:

With this function enabled, the switch is protected from TCP fragment attacks: it drops data packets whose TCP fragment offset value is 1 or whose TCP header is shorter than the specified value. Use the “dosattack-check tcp-header” command to specify the length.

Example:

Enable the TCP fragment attack check.

Switch(config)# dosattack-check tcp-fragment enable
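The following Python sketch is an added illustration, not part of the PLANET manual or the switch firmware. It applies the two drop conditions from the Usage Guide to raw IPv4 packets. Reading "fragment offset value is 1" as the IPv4 fragment-offset field, applying the header-length check to the first fragment, the function names and the 20-byte threshold are all assumptions.

```python
import struct

IPPROTO_TCP = 6

def ipv4_packet(proto, frag_offset, more_frags, payload):
    """Build a constructed IPv4 packet (20-byte header, checksum left 0)."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_offset & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + payload

def tcp_fragment_verdict(packet, min_tcp_header=20):
    """Return 'drop' or 'forward' for one raw IPv4 packet.

    min_tcp_header stands in for the length set with "dosattack-check
    tcp-header"; 20 is an assumed value, not the switch's documented default.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "forward"                  # not IPv4: outside this check
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != IPPROTO_TCP:
        return "forward"                  # bad IHL or not TCP: outside this check
    total_len, _, flags_frag = struct.unpack("!HHH", packet[2:8])
    offset = flags_frag & 0x1FFF          # fragment offset, in 8-byte units
    if offset == 1:
        return "drop"                     # would overlay TCP header bytes 8-15 (flags)
    if offset == 0 and min(total_len, len(packet)) - ihl < min_tcp_header:
        return "drop"                     # first fragment carries a truncated TCP header
    return "forward"

# Constructed sample: a 20-byte TCP header with SYN set, ports 40000 -> 80.
TCP_SYN = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (5 << 12) | 0x002, 8192, 0, 0)

def sample_verdicts():
    """Verdicts for constructed packets covering each branch."""
    return {
        "whole segment": tcp_fragment_verdict(ipv4_packet(6, 0, False, TCP_SYN)),
        "tiny first fragment": tcp_fragment_verdict(ipv4_packet(6, 0, True, TCP_SYN[:8])),
        "offset 1 fragment": tcp_fragment_verdict(ipv4_packet(6, 1, False, TCP_SYN[8:])),
        "offset 2 fragment": tcp_fragment_verdict(ipv4_packet(6, 2, False, b"A" * 16)),
        "udp offset 1": tcp_fragment_verdict(ipv4_packet(17, 1, False, b"A" * 16)),
    }

if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print(f"{name}: {verdict}")
```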

25.6 dosattack-check tcp-segment

Command:
