Using the preset anomaly detection setting

Global Settings : Using the preset anomaly detection setting

By default, packets with the following anomalies are dropped:

• IP first fragments for IPv4 and IPv6 packets that do not pass a DoS attack check.

• TCP packets with control flags = 0 and sequence number = 0.

• TCP SYN packets with source port between 0-1023.

• Packets with MAC source address = destination address.

• IPv4 and IPv6 packets where source address = destination address.

• IPv6 fragments smaller than the minimum size.

• Fragmented ICMP packets.

• TCP fragments with offset value of 1.

• UDP and TCP packets with source port = destination port.

• TCP packets with SYN and FIN bits set.

• TCP packets with FIN, URG and PSH bits set and Seq number = 0.

These drops are not included in logs or reports.

Packets with these anomalies are well understood to be either harmful or useless, so we recommend that you maintain the default setting. You can use the CLI to disable/enable it if needed for testing or debugging.

To enable/disable detection for this set of protocol anomalies:

Use the following command:

execute dos-control {enable | disable}