Denial of service commands, Dos-control firstfrag – Dell PowerEdge M605 User Manual

Denial of Service Commands

139

Denial of Service Commands

dos-control firstfrag

Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP
Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is
active for this type of attack. If packets ingress having a TCP Header Size smaller than the
configured value, the packets are dropped.

Syntax

dos-control firstfrag [size]

no dos-control firstfrag

•

size —TCP header size. (Range: 0-255). The default TCP header size is 20. ICMP packet
size is 512.

Default Configuration

Denial of Service is disabled.

Command Mode

Global Configuration mode

User Guidelines

This command has no user guidelines.

Example

The following example defines a minimum TCP header size of 20. Packets entering with a
smaller header size are dropped.

console(config)#dos-control firstfrag 20