Configuring TCP fragment attack prevention
About TCP fragment attack prevention
The TCP fragment attack prevention feature inspects the length and fragment offset of each received TCP fragment and drops the fragments that it identifies as attack fragments.
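The following added example (not vendor code) shows the kind of length and fragment-offset check described above, run over constructed IPv4 packets. The page does not state the device's exact criteria, so the two rules and the 20-byte threshold are assumptions modelled on the tiny-fragment and overlapping-fragment checks in RFC 1858; the names classify_fragment and build_ipv4 are hypothetical.

```python
import struct

TCP = 6
MIN_TCP_HEADER = 20  # assumed threshold: length of a TCP header without options


def classify_fragment(packet: bytes) -> str:
    """Return 'pass' or a drop reason for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "pass"  # not IPv4: outside this check
    ihl = (packet[0] & 0x0F) * 4
    total_len, = struct.unpack("!H", packet[2:4])
    flags_frag, = struct.unpack("!H", packet[6:8])
    if packet[9] != TCP or ihl < 20 or total_len < ihl:
        return "pass"  # non-TCP or malformed header: left to other checks
    more_fragments = bool(flags_frag & 0x2000)
    offset_bytes = (flags_frag & 0x1FFF) * 8  # field counts 8-byte units
    if not more_fragments and offset_bytes == 0:
        return "pass"  # unfragmented packet
    payload_len = total_len - ihl
    # Rule 1 (assumed): the first fragment must carry a whole TCP header,
    # otherwise the flags can be hidden from a filter in a later fragment.
    if offset_bytes == 0 and payload_len < MIN_TCP_HEADER:
        return "drop: tiny first fragment"
    # Rule 2 (assumed): a later fragment must not start inside the TCP
    # header, where it would overwrite header fields on reassembly.
    if 0 < offset_bytes < MIN_TCP_HEADER:
        return "drop: fragment overlaps TCP header"
    return "pass"


def build_ipv4(proto: int, payload_len: int, offset_units: int = 0,
               mf: bool = False) -> bytes:
    """Constructed sample packet: IPv4 header (checksum zero) + zero payload."""
    flags_frag = (0x2000 if mf else 0) | offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + bytes(payload_len)


if __name__ == "__main__":
    samples = {
        "8-byte first fragment": build_ipv4(TCP, 8, mf=True),
        "fragment at offset 8": build_ipv4(TCP, 24, offset_units=1),
        "24-byte first fragment": build_ipv4(TCP, 24, mf=True),
        "fragment at offset 24": build_ipv4(TCP, 24, offset_units=3),
    }
    for name, pkt in samples.items():
        print(f"{name}: {classify_fragment(pkt)}")
```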
Restrictions and guidelines
TCP fragment attack prevention takes precedence over single-packet attack prevention. When both are used, incoming TCP packets are processed first by TCP fragment attack prevention and then by the single-packet attack defense policy.
Procedure
1. Enter system view.
   system-view
2. Enable TCP fragment attack prevention.
   attack-defense tcp fragment enable
   By default, TCP fragment attack prevention is enabled.