5000 Series Layer 2/3 Managed Data Center Switch CLI Reference Guide
dos-control firstfrag [0-255]
no dos-control firstfrag
Parameters
None
Default
The default is Disabled (20).
Command Mode
Global Config
5-551 dos-control tcpfrag
This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of
Service prevention is active for this type of attack, and packets that have a TCP payload in which the IP
payload length minus the IP header size is less than the minimum allowed TCP header size are dropped.
Use the no command to disable TCP Fragment Denial of Service protection.
dos-control tcpfrag
no dos-control tcpfrag
Parameters
None
Default
The default is Disabled.
Command Mode
Global Config
5-552 dos-control tcpflag
This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service
prevention is active for this type of attack and packets are dropped in the following cases:
• Ingress packets have the TCP Flag SYN set and a source port less than 1024.
• The TCP Control Flags are set to 0 and the TCP Sequence Number is set to 0.
• The TCP Flags FIN, URG, and PSH are set and the TCP Sequence Number is set to 0.
• The TCP Flags SYN and FIN are both set.
Use the no command to disable TCP Flag Denial of Service protections.
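The drop conditions described for dos-control tcpfrag and dos-control tcpflag can be reproduced offline to check which captured packets the two modes would match. The following is an added example, not code from the guide or the switch firmware: the rule labels, the function names, the 20-byte minimum TCP header and the constructed sample packets (unfragmented IPv4, documentation addresses) are assumptions.

```python
import struct

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20
MIN_TCP_HDR = 20  # assumption: smallest legal TCP header (no options)

def build_packet(sport, seq, flags, tcp_len=20):
    """Constructed IPv4+TCP sample packet; checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 0, 5 << 4, flags, 1024, 0, 0)
    tcp = tcp[:tcp_len]  # tcp_len < 20 yields a truncated TCP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def matched_rules(pkt):
    """Return the labels (hypothetical names) of every drop rule the packet hits."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return []                       # not IPv4/TCP: out of scope here
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    # tcpfrag: IP length minus IP header size is below the minimum TCP header
    if total_len - ihl < MIN_TCP_HDR or len(pkt) - ihl < MIN_TCP_HDR:
        return ["tcpfrag"]              # flags cannot be read from a short header
    sport, _dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    flags = pkt[ihl + 13] & 0x3F        # URG, ACK, PSH, RST, SYN, FIN
    hits = []
    if flags & SYN and sport < 1024:
        hits.append("syn-low-sport")
    if flags == 0 and seq == 0:
        hits.append("null-flags-seq0")
    # interpreted as "all three flags set", other flags ignored
    if (flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0:
        hits.append("fin-urg-psh-seq0")
    if flags & SYN and flags & FIN:
        hits.append("syn-fin")
    return hits

if __name__ == "__main__":
    samples = {
        "ordinary SYN": build_packet(40000, 100, SYN),
        "SYN from port 1023": build_packet(1023, 100, SYN),
        "no flags, seq 0": build_packet(40000, 0, 0),
        "FIN+URG+PSH, seq 0": build_packet(40000, 0, FIN | URG | PSH),
        "SYN+FIN": build_packet(40000, 100, SYN | FIN),
        "12-byte TCP header": build_packet(40000, 100, SYN, tcp_len=12),
    }
    for name, pkt in samples.items():
        print(f"{name:22} -> {matched_rules(pkt) or 'pass'}")
```

As the first tcpflag rule is worded in this guide, a SYN+ACK reply sent from a server port below 1024 also matches it, so confirm how the switch treats such replies before enabling the mode.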