Command Reference TCP Commands
In general, when dispatching a TCP packet, the TCP module automatically replies with a reset packet
to disconnect the TCP connection with the peer end if the TCP connection that the packet belongs to
is not found. However, a flood of TCP port unreachable packets poses an attack threat to the device.
This command can be used to disable the device from sending the reset packet when it receives a TCP
port unreachable packet. This command applies to both IPv4 and IPv6 TCP.
The following example disables the device from sending the reset packet when receiving the TCP
port unreachable packet.
Ruijie(config)# no ip tcp send-reset
Use this command to set the timeout value for SYN packets (the maximum time from SYN
transmission to successful three-way handshake). Use the no form of this command to restore the
default setting.
ip tcp synwait-time seconds
no ip tcp synwait-time seconds
seconds: Timeout value for SYN packets, in seconds. The range is from 5 to 300.
Global configuration mode
If there is a SYN attack in the network, reducing the SYN timeout value can limit resource
consumption, but it has no effect against successive SYN attacks. When the device actively requests a
connection with an external device, such as a telnet login, reducing the SYN timeout value shortens
the time the user has to wait. For poor network conditions, the timeout value can be increased
appropriately. This command applies to both IPv4 and IPv6 TCP.
The following example sets the timeout value for SYN packets to 10 seconds.
Ruijie(config)# ip tcp synwait-time 10
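The usage guideline above says a shorter SYN timeout limits resource consumption but does not help against successive SYN attacks. The following added example (not from the Ruijie documentation, and not a model of the device's actual implementation) illustrates why with a simple half-open table simulation. The table capacity, SYN rates and durations are assumed values chosen for illustration, and every SYN is assumed never to complete the handshake.

```python
from collections import deque

def simulate(syn_per_sec, synwait, capacity, attack_secs, total_secs):
    """Model a half-open connection table in 1-second steps.

    Each SYN holds one entry until synwait seconds have passed.
    Returns (peak_entries, dropped_syns, second_the_table_drained).
    """
    if not 5 <= synwait <= 300:  # range documented for ip tcp synwait-time
        raise ValueError("synwait-time must be 5..300 seconds")
    table = deque()  # (expiry_second, entry_count) batches, oldest first
    used = peak = dropped = 0
    drained_at = None
    for now in range(total_secs):
        # Release entries whose SYN timeout has elapsed.
        while table and table[0][0] <= now:
            used -= table.popleft()[1]
        if now < attack_secs:
            accepted = min(syn_per_sec, capacity - used)
            dropped += syn_per_sec - accepted  # table full: SYN is refused
            if accepted:
                table.append((now + synwait, accepted))
                used += accepted
        elif used == 0 and drained_at is None:
            drained_at = now
        peak = max(peak, used)
    return peak, dropped, drained_at

CAPACITY = 1024  # assumed table size, not a Ruijie figure

if __name__ == "__main__":
    # Short burst: 50 SYN/s for 30 s. A lower timeout keeps the table
    # below capacity and frees it sooner once the burst ends.
    for t in (60, 10):
        print("burst     synwait=%3d ->" % t, simulate(50, t, CAPACITY, 30, 200))
    # Sustained flood: 300 SYN/s for 300 s. Steady-state demand is
    # rate * timeout, so even the 5-second minimum leaves the table full.
    for t in (60, 5):
        print("sustained synwait=%3d ->" % t, simulate(300, t, CAPACITY, 300, 300))
```

In the sustained case the table stays full at every permitted timeout value, which is why the timeout alone is not a defense against a continuing flood.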