105
dosattack-check srcip-equal-dstip
enable
Enable the function of checking if the IP
source address is the same as the
destination address
2.6.2.2 Prevent TCP Unauthorized Label Attack Function Configuration
Task Sequence
1
.
Enable the anti TCP unauthorized label attack function
2
.
Enable Checking IPv4 fragment function
Command Explanation
Global Mode
dosattack-check tcp-flags enable
Enable checking TCP label function
dosattack-check ipv4-first-fragment
enable
Enable checking IPv4 fragment. This
command has no effect when used
separately, but if this function is not enabled,
the switch will not drop the IPv4 fragment
packet containing unauthorized TCP labels
2.6.2.3 Anti Port Cheat Function Configuration Task Sequence
1
.
Enable the anti port cheat function
Command Explanation
Global Mode
dosattack-check
srcport-equal-dstport enable
Enable the prevent-port-cheat function
2.6.2.4 Prevent TCP Fragment Attack Function Configuration Task
Sequence
1
.
Enable the prevent TCP fragment attack function
2
.
Configure the minimum permitted TCP head length of the packet
Command Explanation
Global Mode
dosattack-check tcp-fragment enable
Enable the prevent TCP fragment attack
function