enable ip-security anomaly-protection tcp flags

enable ip-security anomaly-protection tcp flags {slot [ slot | all ]}

Description

Enables TCP flag checking.

Syntax Description

`slot`	Specifies the slot to be used.
all	Specifies all IP addresses, or all IP addresses in a particular state.

Default

The default is disabled.

Usage Guidelines

This command Enables TCP flag checking. This checking takes effect for both IPv4 and IPv6 TCP packets. When enabled, the switch drops TCP packets if one of following condition is true:

TCP SYN flag==1 and the source port<1024
TCP control flag==0 and the sequence number==0
TCP FIN, URG, and PSH bits are set, and the sequence number==0
TCP SYN and FIN both are set.

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is available on all platforms.

Published November 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services