Command Reference Guide
Denial of Service Commands
CLI Command Reference
September 2014 Page 478
HP Moonshot Switch Module CLI Command Reference
dos-control tcpfinurgpsh
This command enables TCP FIN and URG and PSH and SEQ = 0 checking Denial of Service protections. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having TCP FIN,
URG, and PSH all set and TCP Sequence Number set to 0, the packets will be dropped if the mode is enabled.
no dos-control tcpfinurgpsh
This command sets disables TCP FIN and URG and PSH and SEQ = 0 checking Denial of Service protections.
show dos-control
This command displays Denial of Service configuration information.
Default disabled
Format
dos-control tcpfinurgpsh
Mode Global Config
Format
no dos-control tcpfinurgpsh
Mode Global Config
Format
show dos-control
Mode Privileged EXEC
Term Definition
First Fragment Mode The administrative mode of First Fragment DoS prevention. When
enabled, this causes the switch to drop packets that have a TCP header
smaller then the configured Min TCP Hdr Size.
Min TCP Hdr Size The minimum TCP header size the switch will accept if First Fragment
DoS prevention is enabled.
ICMPv4 Mode The administrative mode of ICMPv4 DoS prevention. When enabled,
this causes the switch to drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the configured ICMPv4
Payload Size.
Max ICMPv4 Payload Size The maximum ICMPv4 payload size to accept when ICMPv4 DoS
protection is enabled.
ICMPv6 Mode The administrative mode of ICMPv6 DoS prevention. When enabled,
this causes the switch to drop ICMP packets that have a type set to
ECHO_REQ (ping) and a size greater than the configured ICMPv6
Payload Size.
Max ICMPv6 Payload Size The maximum ICMPv6 payload size to accept when ICMPv6 DoS
protection is enabled.
ICMPv4 Fragment Mode The administrative mode of ICMPv4 Fragment DoS prevention. When
enabled, this causes the switch to drop fragmented ICMPv4 packets.