Configure Intercepting Packet with Same Source and Destination MAC
When the switching port of the device receives the packet with the same source and destination MAC, drop the packet.
Table 17-17 Configure intercepting the packet with the same source and destination MAC
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the packet with the same source and destination MAC
|
anti-attack detect src-dst-mac-equal
|
Mandatory
By default, do not configure the function of intercepting the packet with the same source and destination MAC
|
Configure Intercepting Packet with Same Source and Destination IP
When the switching port of the device receives the packet with the same source and destination IP, drop the packet.
Table 17-18 Configure intercepting the packet with the same source and destination IP
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the packet with the same source and destination IP
|
anti-attack detect src-dst-ip-equal
|
Mandatory
By default, do not configure the function of intercepting the packet with the same source and destination IP.
|
Configure Intercepting TCP/UDP Packet with Same Source and Destination Port
When the switching port of the device receives the TCP/UDP packet with the same source and destination port, drop the packet.
Table 17-19 Configure intercepting the TCP/UDP packet with the same source and destination port
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the
|
anti-attack detect
|
Mandatory
|
|
TCP/UDP packet with the same source and destination port
|
src-dst-port-equal
|
By default, do not configure the function of intercepting the TCP/UDP packet with the same source and destination port.
|
Configure Intercepting IPv4&v6 Packet with TCP Control Field (flags) and Serial No. (seq) as 0
When the switch port of the device receives the IPv4&6 packet with the TCP control field (flags) and serial number (seq) as 0, drop the packet.
Table 17-20 Configure intercepting the IPv4&v6 packet with the TCP control field (flags) and serial number (seq) as 0
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the IPv4&v6 packet with the TCP control field (flags) and serial number (seq) as 0
|
anti-attack detect tcp-flag-seq-zero
|
Mandatory
By default, do not configure intercepting the IPv4&v6 packet with the TCP control field (flags) and serial number (seq) as 0.
|
Configure Intercepting the Attack of the IPv4&6 Packet with Incomplete TCP Protocol Header Smaller than 20 Bytes
When the switch port of the device receives the attack of the IPv4&6 packet with the incomplete TCP protocol header smaller than 20 bytes, drop the packet.
Table 17-21 Configure intercepting the attack of the IPv4&6 packet with the incomplete TCP protocol header smaller than 20 bytes
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the attack of the IPv4&6 packet with the incomplete TCP protocol header smaller than 20 bytes
|
anti-attack detect tcp-hdr-incomplete
|
Mandatory
By default, do not configure intercepting the attack of the IPv4&6 packet with the incomplete TCP protocol header smaller than 20 bytes.
|
Configure Intercepting IPv4&6 Attack with TCP FIN, URG, and PSH as 1, but Sequence as 0
When the switch port of the device receives the IPv4&6 attack packet with the TCP FIN, URG, and PSH as 1, but sequence as 0, drop the packet.
Table 17-22 Configure intercepting the IPv4&6 attack packet with the TCP FIN, URG, and PSH as 1, but sequence as 0
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the IPv4&6 attack packet with the TCP FIN, URG, and PSH as 1, but sequence as 0
|
anti-attack detect tcp-invalid-flag
|
Mandatory
By default, do not configure intercepting the IPv4&6 attack packet with the TCP FIN, URG, and PSH as 1, but sequence as 0.
|
Configure Intercepting the IPv4&6 Packet with TCP SYN and FIN Flags Set At the Same Time
When the switch port of the device receives the IPv4&6 packet with SYN FIN flags in TCP set at the same time, drop the packet.
Table 17-23 Configure intercepting the IPv4&6 packet with SYN FIN flags in TCP set at the same time
|
Step
|
Command
|
Description
|
|
Enter global configuration mode
|
configure terminal
|
-
|
|
Configure intercepting the IPv4&6 packet with SYN FIN flags in TCP set at the same time
|
anti-attack detect tcp-syn-fin
|
Mandatory
By default, do not configure intercepting the IPv4&6 packet with SYN FIN flags in TCP set at the same time.
|
Switch
.png){kind=icon}
.png){kind=logo}
