The anti-attack fragment enable command enables defense against packet fragment attacks.
The undo anti-attack fragment enable command disables defense against packet fragment attacks.
The anti-attack fragment disable command disables defense against packet fragment attacks.
By default, defense against packet fragment attacks is enabled.
Usage Scenario
If an attacker sends error packet fragments to a device, the device consumes a large amount of resources processing them, which affects normal services. To prevent the system from breaking down and to ensure normal network services, run the anti-attack fragment enable command to enable defense against packet fragment attacks.
After defense against packet fragment attacks is enabled, the device detects error packet fragments. When it detects such fragments, it limits their rate so that the device CPU continues to work properly.
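The detect-then-rate-limit behaviour described above, sketched as an added example that is not the device's own implementation. It assumes "error" fragments are those violating two RFC 791 invariants (non-final fragments carry a multiple of 8 bytes; the reassembled datagram fits in 65535 bytes); the names make_fragment, fragment_error and FragmentLimiter, the rate and burst values, and the sample packets are all constructed for illustration.

```python
import struct

MAX_DATAGRAM = 65535  # 16-bit Total Length caps a reassembled IPv4 datagram

def make_fragment(offset_units, more, payload_len):
    """Build a constructed IPv4 fragment (documentation addresses, UDP)."""
    flags_off = (0x2000 if more else 0) | offset_units
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1,
                      flags_off, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + bytes(payload_len)

def fragment_error(packet):
    """Return a reason if the fragment violates RFC 791, else None."""
    if len(packet) < 20:
        return "truncated header"
    ver_ihl, _, total_len, _, flags_off = struct.unpack("!BBHHH", packet[:8])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        return "bad header"
    more = bool(flags_off & 0x2000)
    offset = (flags_off & 0x1FFF) * 8
    payload = total_len - ihl
    if not more and offset == 0:
        return None  # unfragmented datagram
    if more and (payload == 0 or payload % 8):
        return "non-final fragment not a multiple of 8 bytes"
    if ihl + offset + payload > MAX_DATAGRAM:
        return "reassembled size exceeds 65535 bytes"
    return None

class FragmentLimiter:
    """Token bucket applied only to fragments that fail the checks."""
    def __init__(self, rate, burst):  # rate in packets/second (assumed values)
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, packet, now):
        if fragment_error(packet) is None:
            return True  # well-formed traffic is never limited
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False
```

Well-formed fragments bypass the bucket entirely, so a flood of error fragments exhausts only its own budget rather than starving legitimate fragmented traffic.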
Precautions
You can also run the anti-attack enable command in the system view to enable attack defense against all attack packets including packet fragments.