3 dosattack-check tcp-flags enable, 4 dosattack-check srcport-equal-dstport enable, Dosattack – PLANET WGSW-50040 User Manual

Commands for Security Function Chapter 6 Commands for TACACS+

Drop the IPv4 fragment or non-fragment data packet whose source port is equal to its destination

port.

Switch(config)# dosattack-check ipv4-first-fragment enable

Switch(config)# dosattack-check srcport-equal-dstport enable

25.3 dosattack-check tcp-flags enable

Command:

[no] dosattack-check tcp-flags enable

Function:

Enable the function by which the switch will check the unauthorized TCP label function; the “no”

form of this command will disable this function.

Default:

This function disable on the switch by default

Command Mode:

Global Mode

Usage Guide:

With this function enabled, the switch will be able to drop follow four data packets containing

unauthorized TCP label: SYN=1 while source port is smaller than 1024;TCP label positions are all 0

while its serial No. =0;FIN=1,URG=1,PSH=1 and the TCP serial No.=0;SYN=1 and FIN=1. This

function can be used associating the “dosattack-check ipv4-first-fragment enable” command.

Example:

Drop one or more types of above four packet types.

Switch(config)# dosattack-check tcp-flags enable

25.4 dosattack-check srcport-equal-dstport enable

Command:

dosattack-check srcport-equal-dstport enable

Function:

Enable the function by which the switch will check if the source port is equal to the destination port;

the "no" form of this command disables this function.

Default:

Disable the function by which the switch will check if the source port is equal to the destination port.