320
31.3 dosattack-check srcport-equal-dstport enable
Command: dosattack-check srcport-equal-dstport enable
Function: Enable the function by which the switch will check if the source port is equal to
the destination port; the "no" form of this command disables this function.
Parameter: None
Default: Disable the function by which the switch will check if the source port is equal to
the destination port.
Command Mode: Global Mode
Usage Guide: With this function enabled, the switch will be able to drop TCP and UDP
data packet whose destination port is equal to the source port. This function can be used
associating the ―dosattack-check ipv4-first-fragment enable‖ function so to block the IPv4
fragment TCP and UDP data packet whose destination port is equal to the source port.
Example: Drop the non-fragment TCP and UDP data packet whose destination port is
equal to the source port.
Switch(config)# dosattack-check srcport-equal-dstport enable
31.4 dosattack-check icmp-attacking enable
Command: [no] dosattack-check icmp-attacking enable
Function: Enable the ICMP fragment attack checking function on the switch; the ―no‖
form of this command disables this function.
Parameter: None
Default: Disable the ICMP fragment attack checking function on the switch
Command Mode: Global Mode
Usage Guide: With this function enabled the switch will be protected from the ICMP
fragment attacks, dropping the fragment ICMPv4/v6 data packets whose net length is
smaller than the specified value.
Example: Enable the ICMP fragment attack checking function.
Switch(config)# dosattack-check icmp-attacking enable
To Next Page
Loading...
