6 dosattack-check tcp-header, 7 dosattack-check icmp-attacking enable, 8 dosattack-check icmpv4-size – Accton Technology ES4626 User Manual

107

TCP head is shorter than the specified value. Use “dosattack-check tcp-header”

command to specify the length.

Example:

Enable the Checking TCP fragment attack function.

Switch(Config)# dosattack-check tcp-fragment enable

2.6.3.6 dosattack-check tcp-header

Command: dosattack-check tcp-header

Function:

Configure the minimum TCP head length permitted by the switch

Parameter:

is the minimum TCP head length permitted by the switch

Default:

The length is 20 by default which is the shortest TCP head

Command Mode:Global Mode

Usage Guide:

To use this function the “dosattack-check tcp-fragment enable” function

must be enabled

Example:

Set the minimum TCP head length permitted by the switch to 20

Switch(Config)# dosattack-check tcp-fragment enable

Switch(Config)# dosattack-check tcp-header 20

2.6.3.7 dosattack-check icmp-attacking enable

Command: [no] dosattack-check icmp-attacking enable

Function:

Enable the ICMP fragment attack checking function on the switch; the “no”

form of this command disables this function

Parameter:

None

Default:

Disable the ICMP fragment attack checking function on the switch

Command Mode:Global Mode

Usage Guide:

With this function enabled the switch will be protected from the ICMP

fragment attacks, dropping the fragment ICMPv4/v6 data packets whose net length is

smaller than the specified value

Example:

Enable the ICMP fragment attack checking function

Switch(Config)# dosattack-check icmp-attacking enable

2.6.3.8 dosattack-check icmpv4-size

Command: dosattack-check icmpv4-size

Function:

Configure the max net length of the ICMPv4 data packet permitted by the

switch

Parameter:

is the max net length of the ICMPv4 data packet permitted by the

switch

Default:

The value is 0x200 by default

Command Mode:

Global Mode