PLANET XGS3-24040 User Manual

Chapter 50 Security Feature Configuration

50-2

[no] dosattack-check

ipv4-first-fragment enable

Enable/disable checking IPv4 fragment. This

command has no effect when used separately,

but if this function is not enabled, the switch will

not drop the IPv4 fragment packet containing

unauthorized TCP labels.

50.2.3 Anti Port Cheat Function Configuration Task Sequence

1． Enable the anti port cheat function

Command

Explanation

Global Mode

[no] dosattack-check

srcport-equal-dstport enable

Enable/disable the prevent-port-cheat function.

dosattack-check ipv4-first-fragment

enable

Enable/disable checking IPv4 fragment. This

command has no effect when used separately,

but if this function is not enabled, the switch will

not drop the IPv4 fragment packet whose

source port is equal to its destination port.

50.2.4 Prevent TCP Fragment Attack Function Configuration

Task Sequence

1．Enable the prevent TCP fragment attack function

2．Configure the minimum permitted TCP head length of the packet

Command

Explanation

Global Mode

[no] dosattack-check tcp-fragment

enable

Enable/disable the prevent TCP fragment

attack function.

dosattack-check tcp-header

Configure the minimum permitted TCP head

length of the packet. This command has no

effect when used separately, the user should

enable the dosattack-check tcp-fragment

enable.