7 dosattack-check icmp-attacking enable, 8 dosattack-check icmpv4-size, 9 dosattack-check icmpv6-size – PLANET XGS3-24040 User Manual

Page 778: Dosattack, Check icmp, Attacking enable, Check icmpv, Size

Advertising
background image


45-3

Default: The length is 20 by default which is the shortest TCP segment

Command Mode: Global Mode

Usage Guide: To use this function the “dosattack-check tcp-fragment enable” function must be enabled

Example: Set the minimum TCP segment length permitted by the switch to 20.

Switch(config)# dosattack-check tcp-fragment enable

Switch(config)# dosattack-check tcp-segment 20

45.7 dosattack-check icmp-attacking enable

Command: [no] dosattack-check icmp-attacking enable

Function: Enable the ICMP fragment attack checking function on the switch; the “no” form of this

command disables this function.

Parameter: None

Default: Disable the ICMP fragment attack checking function on the switch

Command Mode: Global Mode

Usage Guide: With this function enabled the switch will be protected from the ICMP fragment attacks,

dropping the fragment ICMPv4/v6 data packets whose net length is smaller than the specified value.

Example: Enable the ICMP fragment attack checking function.

Switch(config)# dosattack-check icmp-attacking enable

45.8 dosattack-check icmpv4-size

Command: dosattack-check icmpv4-size <64-1023>

Function: Configure the max net length of the ICMPv4 data packet permitted by the switch.

Parameter: <64-1023> is the max net length of the ICMPv4 data packet permitted by the switch.

Default: The value is 0x200 by default

Command Mode: Global Mode

Usage Guide: To use this function you have to enable “dosattack-check icmp-attacking enable” first

Example: Set the max net length of the ICMPv4 data packet permitted by the switch to 100.

Switch(config)# dosattack-check icmp-attacking enable

Switch(config)# dosattack-check icmpv4-size 100

45.9 dosattack-check icmpv6-size

Command: dosattack-check icmpv6-size <64-1023>

Function: Configure the max net length of the ICMPv6 data packet permitted by the switch.

Parameter: <64-1023> is the max net length of the ICMPv6 data packet permitted by the switch.

Default: The value is 0x200 by default

Command Mode: Global Mode

Usage Guide: To use this function you have to enable “dosattack-check icmp-attacking enable” first.

Advertising
Popular Brands
Popular manuals