10.16.8.2
dos-control firstfrag
This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size
smaller then the configured value, the packets will be dropped if the mode is enabled.The default is
disabled. If you enable dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system
sets that value to 20.
Syntax
dos-control firstfrag [<0-255>]
no dos-control firstfrag
<0-255> - Configures minimum TCP header length.
no - This command sets Minimum TCP Header Size Denial of Service protection to the default value of
disabled.
Default Setting
Disabled <20>
Command Mode
Global Config
10.16.8.3
dos-control icmp
This command enables Maximum ICMP Packet Size Denial of Service protections. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If ICMP Echo Request (PING) packets ingress
having a size greater than the configured value, the packets will be dropped if the mode is enabled.
Syntax
dos-control icmp [<0-1023>]
no dos-control icmp
<0-1023> - Configures maximum ICMP packet size.
no - This command disables Maximum ICMP Packet Size Denial of Service protections.
Default Setting
Disabled <512>
Command Mode
Global Config
2011 Fujitsu Technology Solutions
©
730