2 dos-control firstfrag, 3 dos-control tcpfrag – Kontron AT8902 Full Size CLI User Manual

AT8901/2/3

AT8901/2/3 CLI Reference Manual

Page 2 - 74

Format

dos-control sipdip

Mode

Global Config

2.18.1.1

no dos-control sipdip

This command disables Source IP Address = Destination IP Address (SIP=DIP) Denial
of Service prevention.

Format

no dos-control sipdip

Mode

Global Config

2.18.2

dos-control firstfrag

This command enables Minimum TCP Header Size Denial of Service protection. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If
packets ingress having a TCP Header Size smaller then the configured value, the
packets will be dropped if the mode is enabled.The default is

disabled.

If you enable

dos-control firstfrag, but do not provide a Minimum TCP Header Size, the system sets
that value to

20

.

Default

disabled <20>

Format

dos-control firstfrag

[<0-255>]

Mode

Global Config

2.18.2.1

no dos-control firstfrag

This command sets Minimum TCP Header Size Denial of Service protection to the
default value of

disabled

.

Format

no dos-control firstfrag

Mode

Global Config

2.18.3

dos-control tcpfrag

This command enables TCP Fragment Denial of Service protection. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets ingress
having IP Fragment Offset equal to one (1), the packets will be dropped if the mode is
enabled.

Default

disabled

Format

dos-control tcpfrag

Mode

Global Config

2.18.3.1

no dos-control tcpfrag

This command disabled TCP Fragment Denial of Service protection.

Format

no storm-control broadcast all

Mode

Global Config