3 dosattack-check srcport-equal-dstport enable, Dosattack, Check srcport – PLANET WGSW-52040 User Manual

42-209

Parameter:

None

Default:

This function disable on the switch by default

Command Mode:

Global Mode

Usage Guide:

With this function enabled, the switch will be able to drop follow four data packets containing unauthorized TCP label:

SYN=1 while source port is smaller than 1024;TCP label positions are all 0 while its serial No.

=0;FIN=1,URG=1,PSH=1 and the TCP serial No.=0;SYN=1 and FIN=1. This function can be used associating the

“dosattack-check ipv4-first-fragment enable” command.

Example:

Drop one or more types of above four packet types.

Switch(config)#dosattack-check tcp-flags enable

42.3 dosattack-check srcport-equal-dstport enable

Command:

dosattack-check srcport-equal-dstport enable

no dosattack-check srcport-equal-dstport enable

Function:

Enable the function by which the switch will check if the source port is equal to the destination port; the no command

disables this function.

Parameter:

None

Default:

Disable the function by which the switch will check if the source port is equal to the destination port.

Command Mode: