4 dosattack-check srcport-equal-dstport enable, 5 dosattack-check tcp-fragment enable – Accton Technology ES4626 User Manual
Page 106

Function:
Enable the function by which the switch checks for unauthorized TCP flags;
the “no” form of this command disables this function.
Parameter:
None
Default:
This function is disabled on the switch by default.
Command Mode: Global Mode
Usage Guide:
With this function enabled, the switch will drop the following four types of data
packets containing unauthorized TCP flags: SYN=1 while the source port is smaller than
1024; all TCP flag bits are 0 while the sequence number is 0; FIN=1, URG=1, PSH=1 and the
TCP sequence number is 0; SYN=1 and FIN=1. This function can be used together with the
“dosattack-check ipv4-first-fragment enable” command.
Example:
Drop packets that match one or more of the four packet types above.
Switch(Config)# dosattack-check tcp-flags enable
2.6.3.4 dosattack-check srcport-equal-dstport enable
Command: dosattack-check srcport-equal-dstport enable
Function:
Enable the function by which the switch checks whether the source port is equal to
the destination port; the "no" form of this command disables this function.
Parameter:
None
Default:
The function by which the switch checks whether the source port is equal to
the destination port is disabled by default.
Command Mode: Global Mode
Usage Guide:
With this function enabled, the switch will drop TCP and UDP
data packets whose destination port is equal to the source port. This function can be used
together with the “dosattack-check ipv4-first-fragment enable” function to block IPv4
fragment TCP and UDP data packets whose destination port is equal to the source port.
Example:
Drop non-fragmented TCP and UDP data packets whose destination port is
equal to the source port.
Switch(Config)# dosattack-check srcport-equal-dstport enable
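The checks described in the tcp-flags and srcport-equal-dstport Usage Guides above, written out as a classifier over raw TCP headers. This is an added example, not code from the manual or the switch firmware; the rule names, the functions parse_tcp, dos_check and build, and the sample headers are constructed for illustration, and the rules are implemented literally as the Usage Guides word them, for TCP headers only.

```python
import struct

# Classic TCP control bits (low six bits of header bytes 12-13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, seq, flags) from a raw TCP header."""
    if len(header) < 14:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, seq, off_flags & 0x3F

def dos_check(header: bytes):
    """Return the (hypothetical) names of the checks a header fails."""
    sport, dport, seq, flags = parse_tcp(header)
    hits = []
    if flags & SYN and sport < 1024:            # tcp-flags type 1
        hits.append("syn-low-srcport")
    if flags == 0 and seq == 0:                 # tcp-flags type 2
        hits.append("null-flags-seq0")
    fup = FIN | URG | PSH
    # Assumption: type 3 matches when at least FIN, URG and PSH are set;
    # the manual does not say whether the other bits must be clear.
    if (flags & fup) == fup and seq == 0:       # tcp-flags type 3
        hits.append("fin-urg-psh-seq0")
    if flags & SYN and flags & FIN:             # tcp-flags type 4
        hits.append("syn-fin")
    if sport == dport:                          # srcport-equal-dstport
        hits.append("srcport-equal-dstport")
    return hits

def build(sport, dport, seq, flags):
    """Build a constructed 20-byte TCP header (no options, zero checksum)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, 0,
                       (5 << 12) | flags, 8192, 0, 0)

# Constructed sample headers, not captured traffic.
SAMPLES = {
    "client SYN": build(40000, 443, 1000, SYN),
    "SYN from port 80": build(80, 40000, 1000, SYN),
    "no flags, seq 0": build(40000, 80, 0, 0),
    "FIN+URG+PSH, seq 0": build(40000, 80, 0, FIN | URG | PSH),
    "SYN+FIN": build(40000, 80, 1000, SYN | FIN),
    "sport == dport": build(5000, 5000, 1000, ACK),
}

if __name__ == "__main__":
    for name, hdr in SAMPLES.items():
        print(f"{name:20} -> {dos_check(hdr) or 'forward'}")
```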
2.6.3.5 dosattack-check tcp-fragment enable
Command: [no] dosattack-check tcp-fragment enable
Function:
Enable the function by which the switch detects TCP fragment attacks; the “no”
form of this command disables this function.
Parameter:
None
Default:
This function is not enabled on the switch by default
Command Mode:
Global Mode
Usage Guide:
With this function enabled, the switch is protected from TCP
fragment attacks, dropping the data packets whose TCP fragment offset value is 1 or the