Note
Denial of Service (DataPlane) is supported on XGS-III and later platforms only.This section describes the commands used to configure Denial of Service (DoS) Control. 200 Series software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block these types of attacks:
SIP = DIP | Source IP address = Destination IP address |
First Fragment | TCP Header size smaller than configured value |
TCP Fragment | Allows the device to drop packets that have a TCP payload where the IP payload length minus the IP header size is less than the minimum allowed TCP header size |
TCP Flag | TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set |
L4 Port | Source TCP/UDP Port = Destination TCP/UDP Port |
ICMP | Limiting the size of ICMP (Internet Control Message Protocol) Ping packets |