Manual
+7(495) 797-3311 www.qtech.ru 
Moscow, Novozavodskaya ul., 18, bldg. 1
Chapter 43 Security Feature Configuration 
43.1 Introduction to Security Feature 
Before introducing the security features, we first introduce DoS. DoS is short for
Denial of Service, a simple but effective destructive attack on the internet. A server
under DoS attack drops normal user data packets because it is continuously processing the
attacker's data packets, which leads to denial of service and, in worse cases, can lead to
leakage of the server's sensitive data.
Security feature refers to applications, such as protocol check, that protect the server
from attacks such as DoS. Protocol check allows the user to drop matched packets based
on specified conditions. The security features provide several simple and effective protections
against DoS attacks without affecting the line-rate forwarding performance of the
switch.
43.2 Security Feature Configuration 
43.2.1 Prevent IP Spoofing Function Configuration Task Sequence 
Command | Explanation
Global Mode
[no] dosattack-check srcip-equal-dstip enable | Enable/disable the function of checking if the IP source address is the same as the destination address.
43.2.2 Prevent ICMP Fragment Attack Function Configuration Task Sequence
1.  Enable the prevent ICMP fragment attack function 
2.  Configure the max permitted ICMPv4 net load length 
Command | Explanation
Global Mode
[no] dosattack-check icmp-attacking enable | Enable/disable the prevent ICMP fragment attack function.
dosattack-check icmpv4-size <size> | Configure the max permitted ICMPv4 net load length. This command has no effect when used on its own; the user must also enable dosattack-check icmp-attacking enable.
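The following Python sketch is an added example, not code from this manual or from the vendor. It approximates the drop conditions described in 43.2.1 and 43.2.2 so that captured packets can be checked against them offline. The function names, the sample packets, and the reading of "net load length" as the IPv4 payload length are assumptions; the switch's exact matching rules are not stated here.

```python
import socket
import struct

ICMP_PROTO = 1  # IPv4 protocol number for ICMP

def build_ipv4(src, dst, proto, payload, more_frags=False, frag_off=0):
    """Build a minimal IPv4 packet (constructed sample input, checksum left 0)."""
    flags_frag = (0x2000 if more_frags else 0) | (frag_off & 0x1FFF)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      flags_frag, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def check_packet(pkt, srcip_equal_dstip=True, icmp_attacking=True,
                 icmpv4_size=None):
    """Return the name of the check that would drop pkt, or None to forward."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None  # not a well-formed IPv4 header; outside these checks
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    if srcip_equal_dstip and pkt[12:16] == pkt[16:20]:
        return "srcip-equal-dstip"
    if icmp_attacking and pkt[9] == ICMP_PROTO:
        if flags_frag & 0x3FFF:  # MF bit set or non-zero fragment offset
            return "icmp-fragment"
        # The size limit sits under the ICMP check, as in the manual:
        # icmpv4-size does nothing unless icmp-attacking is enabled.
        if icmpv4_size is not None and total_len - ihl > icmpv4_size:
            return "icmpv4-size"
    return None

def audit(packets, **config):
    """Apply check_packet to each packet and return the list of verdicts."""
    return [check_packet(p, **config) for p in packets]

# Constructed sample packets using documentation address space (RFC 5737).
SAMPLES = [
    build_ipv4("192.0.2.10", "192.0.2.10", 6, bytes(20)),           # src == dst
    build_ipv4("192.0.2.1", "192.0.2.10", 1, b"\x08\x00" + bytes(6),
               more_frags=True),                                    # ICMP fragment
    build_ipv4("192.0.2.1", "192.0.2.10", 1, b"\x08\x00" + bytes(198)),  # 200 B
    build_ipv4("192.0.2.1", "192.0.2.10", 1, b"\x08\x00" + bytes(62)),   # 64 B
]

if __name__ == "__main__":
    print(audit(SAMPLES, icmpv4_size=100))
```
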