Table of Contents
Advertisement
dosattack-check
srcport-equal-dstport enable
2.6.2.4 Prevent TCP Fragment Attack Function Configuration Task
Sequence
1.Enable the prevent TCP fragment attack function
2.Configure the minimum permitted TCP head length of the packet
Command
Global Mode
dosattack-check tcp-fragment enable
dosattack-check tcp-header <size>
2.6.2.5 Prevent ICMP Fragment Attack Function Configuration Task
Sequence
1.Enable the prevent ICMP fragment attack function
2.Configure the max permitted ICMPv4 net load length
3.Configure the max permitted ICMPv6 net load length
Command
Global Mode
dosattack-check
enable
dosattack-check icmpv4-size <size>
dosattack-check icmpv6-size <size>
Enable the prevent-port-cheat function
Explanation
Enable the prevent TCP fragment attack
function
dosattack-check tcp-fragment enable
Configure the minimum permitted TCP head
length of the packet. This command has no
effect when used separately, the user should
enable the dosattack-check tcp-fragment
enable
Explanation
Enable the prevent ICMP fragment attack
icmp-attacking
function
Configure the max permitted ICMPv4 net
length. This command has not effect when
used separately, the user have to enable the
dosattack-check icmp-attacking enable
dosattack-check icmp-attacking enable
Configure the max permitted ICMPv6 net
length. This command has not effect when
used separately, the user have to enable the
dosattack-check icmp-attacking enable
106
- Quick Links:
- Management Via Http
- Cli Interface
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
