4 dosattack-check icmp-attacking enable, Dosattack, Check icmp – PLANET WGSW-52040 User Manual

42-210

Global Mode

Usage Guide:

With this function enabled, the switch will be able to drop TCP and UDP data packet whose destination port is equal

to the source port. This function can be used associating the “dosattack-check ipv4-first-fragment enable” function so

to block the IPv4 fragment TCP and UDP data packet whose destination port is equal to the source port.

Example:

Drop the non-fragment TCP and UDP data packet whose destination port is equal to the source port.

Switch(config)#dosattack-check srcport-equal-dstport enable

42.4 dosattack-check icmp-attacking enable

Command:

[no] dosattack-check icmp-attacking enable

Function:

Enable the ICMP fragment attack checking function on the switch; the “no” form of this command disables this

function.

Parameter:

None

Default:

Disable the ICMP fragment attack checking function on the switch

Command Mode:

Global Mode

Usage Guide:

With this function enabled the switch will be protected from the ICMP fragment attacks, dropping the fragment

ICMPv4/v6 data packets whose net length is smaller than the specified value.

Example:

Enable the ICMP fragment attack checking function.

Switch(config)#dosattack-check icmp-attacking enable