7 dosattack-check icmp-attacking enable, Dosattack, Check icmp – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

dosattack-check tcp-segment <20-255>

Function:

Configure the minimum TCP segment length permitted by the switch.

Parameter:

<20-255> is the minimum TCP segment length permitted by the switch.

Default:

The length is 20 by default which is the shortest TCP segment

Command Mode:

Global Mode

Usage Guide:

To use this function the “dosattack-check tcp-fragment enable” function must be enabled

Example:

Set the minimum TCP segment length permitted by the switch to 20.

Switch(config)# dosattack-check tcp-fragment enable

Switch(config)# dosattack-check tcp-segment 20

25.7 dosattack-check icmp-attacking enable

Command:

[no] dosattack-check icmp-attacking enable

Function:

Enable the ICMP fragment attack checking function on the switch; the “no” form of this command

disables this function.

Default:

Disable the ICMP fragment attack checking function on the switch

Command Mode:

Global Mode

Usage Guide:

With this function enabled the switch will be protected from the ICMP fragment attacks, dropping the

fragment ICMPv4/v6 data packets whose net length is smaller than the specified value.

Example:

Enable the ICMP fragment attack checking function.

Switch(config)# dosattack-check icmp-attacking enable