Configuring TCP fragment attack protection

The TCP fragment attack protection feature enables the device to drop attack TCP fragments, which prevents TCP fragment attacks that the packet filter cannot detect. As defined in RFC 1858, attack TCP fragments refer to the following TCP fragments:

To configure TCP fragment attack protection:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable TCP fragment attack protection. | attack-defense tcp fragment enable | By default, TCP fragment attack protection is enabled. |
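The kind of check RFC 1858 recommends for TCP fragments, as an added Python example that is not the device's implementation: it drops a first fragment too short to carry the TCP header and any fragment whose offset is 1. The names `classify_fragment` and `build_ipv4`, the 20-byte threshold, and the sample packets are assumptions constructed for illustration.

```python
import struct

TCP = 6
MIN_TCP_HEADER = 20  # assumed threshold: smallest legal TCP header, in bytes

def classify_fragment(packet: bytes) -> str:
    """Verdict for one raw IPv4 packet: 'pass' or 'drop:<reason>'."""
    if len(packet) < 20:
        return "drop:malformed-ip-header"
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    # This example handles IPv4 only; anything else is treated as malformed.
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(packet) < ihl:
        return "drop:malformed-ip-header"
    more_fragments = bool(flags_frag & 0x2000)
    frag_offset = flags_frag & 0x1FFF      # counted in 8-byte units
    if proto != TCP or not (more_fragments or frag_offset):
        return "pass"                      # only TCP fragments are judged here
    transport_len = min(total_len, len(packet)) - ihl
    if frag_offset == 0 and transport_len < MIN_TCP_HEADER:
        return "drop:tiny-first-fragment"  # header fields pushed into a later fragment
    if frag_offset == 1:
        return "drop:offset-1-fragment"    # data lands at byte 8 of the TCP header
    return "pass"

def build_ipv4(proto: int, frag_offset: int, more: bool, payload: bytes) -> bytes:
    """Constructed sample packet (documentation addresses, checksum left at 0)."""
    flags_frag = (0x2000 if more else 0) | frag_offset
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload

def run_samples() -> dict:
    samples = {
        "tiny first fragment": build_ipv4(TCP, 0, True, b"\x00" * 8),
        "offset-1 fragment": build_ipv4(TCP, 1, False, b"\x00" * 12),
        "normal first fragment": build_ipv4(TCP, 0, True, b"\x00" * 24),
        "later fragment": build_ipv4(TCP, 3, False, b"\x00" * 16),
        "unfragmented TCP": build_ipv4(TCP, 0, False, b"\x00" * 20),
        "UDP offset-1 fragment": build_ipv4(17, 1, False, b"\x00" * 12),
    }
    return {name: classify_fragment(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:24} {verdict}")
```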