1 no dos-control firstfrag, 4 dos-control tcpfrag, 1 no dos-control tcpfrag – Kontron AT8404 CLI User Manual

Switching Commands

AT8404

AT8404 CLI Reference Manual

Page 2 - 128

2.25.3.1

no dos-control firstfrag

This command sets Minimum TCP Header Size Denial of Service protection to the default value of disabled.

2.25.4

dos-control tcpfrag

This command enables TCP Fragment Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress having IP Fragment Offset equal to one (1), the packets
will be dropped if the mode is enabled.

2.25.4.1

no dos-control tcpfrag

This command disabled TCP Fragment Denial of Service protection.

2.25.5

dos-control tcpflag

This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention
is active for this type of attacks. If packets ingress having TCP Flag SYN set and a source port less than 1024 or
having TCP Control Flags set to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN, URG, and PSH
set and TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be dropped if
the mode is enabled.

2.25.5.1

no dos-control tcpflag

This command sets disables TCP Flag Denial of Service protections.

Format

no dos-control firstfrag

Mode

Global Config

Default

disabled

Format

dos-control tcpfrag

Mode

Global Config

Format

no dos-control tcpfrag

Mode

Global Config

Default

disabled

Format

dos-control tcpflag

Mode

Global Config

Format

no dos-control tcpflag

Mode

Global Config