Dell PowerConnect 6248 Configuration Guide - Page 55

Table 3-1 describes the dos-control keywords. Table 3-1. DoS Control Keyword Meaning firstfrag Enabling First Fragment DoS prevention causes the switch to drop packets that have a TCP header smaller then the configured Min TCP Hdr Size. icmp ICMP DoS prevention causes the switch to drop ICMP packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMP Pkt Size. l4port Enabling L4 Port DoS prevention causes the switch to drop packets that have TCP/UDP source port equal to TCP/UDP destination port. sipdip Enabling SIP=DIP DoS prevention causes the switch to drop packets that have a source IP address equal to the destination IP address. tcpflag Enabling TCP Flag DoS prevention causes the switch to drop packets that have TCP flag SYN set and TCP source port less than 1024 or TCP control flags set to 0 and TCP sequence number set to 0 or TCP flags FIN, URG, and PSH set and TCP sequence number set to 0 or both TCP flags SYN and FIN set. tcpfrag Enabling TCP Fragment DoS prevention causes the switch to drop packets that have an IP fragment offset equal to 1. CLI Examples The commands shown below show how to enable DoS protection and view its status. Example #1: Enabling all DOS Controls console#configure console(config)#dos-control sipdip console(config)#dos-control firstfrag console(config)#dos-control tcpfrag console(config)#dos-control l4port console(config)#dos-control icmp console(config)#exit Switching Configuration 55