Denial of Service Commands
Mode      Global Config

no dos-control firstfrag
This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled.

Format    no dos-control firstfrag
Mode      Global Config

dos-control tcpfrag
This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack and packets that have a TCP payload in which the IP payload length minus the IP header size is less than the minimum allowed TCP header size are dropped.

Default   disabled
Format    dos-control tcpfrag
Mode      Global Config

no dos-control tcpfrag
This command disables TCP Fragment Denial of Service protection.

Format    no dos-control tcpfrag
Mode      Global Config

dos-control tcpflag
This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. Ingress packets are dropped if they have TCP Flag SYN set and a source port less than 1024; TCP Control Flags set to 0 and TCP Sequence Number set to 0; TCP Flags FIN, URG, and PSH set and TCP Sequence Number set to 0; or TCP Flags SYN and FIN both set.

Default   disabled
Format    dos-control tcpflag
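
The drop conditions described for dos-control tcpfrag and dos-control tcpflag can be checked against captured or test traffic before the modes are enabled. The following is an added example, not code from this manual or the switch vendor: the function names, the result labels, the 20-byte default for the minimum TCP header size, and the reading of "IP payload length" as the IPv4 Total Length field are assumptions, and the packets are constructed test data.

```python
import struct

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20   # TCP control flag bits

def build_packet(sport, flags, seq, tcp_len=20):
    """Constructed IPv4+TCP test packet (documentation addresses, zero checksums)."""
    tcp = struct.pack("!HHIIBBHHH", sport, 80, seq, 0, 5 << 4, flags, 1024, 0, 0)
    tcp = tcp[:tcp_len]                        # truncate to model a short TCP header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def dos_control_matches(pkt, min_tcp_hdr=20):
    """Return which of the drop conditions described above an IPv4 packet meets."""
    ihl = (pkt[0] & 0x0F) * 4                  # IP header size in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:                            # not TCP
        return []
    hits = []
    # tcpfrag: IP length minus IP header size is below the minimum TCP header size
    if total_len - ihl < min_tcp_hdr:
        hits.append("tcpfrag")
    tcp = pkt[ihl:total_len]
    if len(tcp) < 14:                          # flags byte not present
        return hits
    sport = struct.unpack("!H", tcp[0:2])[0]
    seq = struct.unpack("!I", tcp[4:8])[0]
    flags = tcp[13] & 0x3F                     # assumption: the six classic flags
    if (flags & SYN) and sport < 1024:
        hits.append("tcpflag:syn-sport-below-1024")
    if flags == 0 and seq == 0:
        hits.append("tcpflag:no-flags-seq-0")
    # assumption: "FIN, URG, and PSH set" means at least those three bits
    if (flags & (FIN | URG | PSH)) == (FIN | URG | PSH) and seq == 0:
        hits.append("tcpflag:fin-urg-psh-seq-0")
    if (flags & SYN) and (flags & FIN):
        hits.append("tcpflag:syn-fin")
    return hits

if __name__ == "__main__":
    for args in [(40000, SYN, 1000), (1023, SYN, 1000), (40000, SYN | FIN, 5),
                 (40000, 0, 0), (40000, SYN, 1, 8)]:
        print(args, dos_control_matches(build_packet(*args)))
```

The first tcpflag condition also matches legitimate clients that bind a source port below 1024, so check for such traffic before enabling the mode.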