Administrator Guide
Security Commands 1034
– TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0
and
– TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set
and
– TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
• TCP Offset:
– Checks for TCP header offset =1.
•TCP SYN:
– TCP Flag SYN set.
• TCP SYN & FIN:
– TCP Flags SYN and FIN set.
• TCP FIN & URG & PSH:
– TCP Flags FIN and URG and PSH set and TCP Sequence Number =
0.
•ICMP V6:
– Limiting the size of ICMPv6 Ping packets.
•ICMP Fragment:
– Checks for fragmented ICMP packets.
Commands in this Section
This section explains the following commands:
dos-control firstfrag rate-limit cpu
dos-control icmp show dos-control
dos-control l4port show system internal pktmgr
dos-control sipdip storm-control broadcast
dos-control tcpflag storm-control multicast
dos-control tcpfrag storm-control unicast
2CSNXXX_SWUM204.book Page 1034 Monday, January 25, 2016 1:25 PM