Protection from TCP Tiny and Overlapping Fragment
Attacks
Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP
port-specific traffic — is bypassed and traffic is sent to its destination although denied by the ACL.
RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into
the line cards and enabled by default.
Enabling SCP and SSH
Secure shell (SSH) is a protocol for secure remote login and other secure network services over an
insecure network. The Dell Neetworking OS is compatible with SSH versions 1.5 and 2, both the client
and server modes. SSH sessions are encrypted and use authentication.
For details about the command syntax, refer to the Security chapter in the Dell Networking OS Command
Line Interface Reference Guide.
SCP is a remote file copy program that works with SSH and is supported on the switch.
NOTE: The Windows-based WinSCP client software is not supported for secure copying between a
PC and a Dell Networking OS-based system. Unix-based SCP client software is supported.
To use the SSH client, use the following command.
• Open an SSH connection and specifying the host name, username, port number, and version of the
SSH client.
EXEC Privilege mode
ssh {hostname} [-l username | -p port-number | -v {1 | 2}
hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in
dotted decimal format (A.B.C.D).
• Configure the Dell Networking system as an SCP/SSH server.
CONFIGURATION mode
ip ssh server {enable | port port-number}
• Configure the Dell Networking system as an SSH server that uses only version 1 or 2.
CONFIGURATION mode
ip ssh server version {1|2}
• Display SSH connection information.
EXEC Privilege mode
show ip ssh
Specifying an SSH Version
The following example shows using the ip ssh server version 2 command to enable SSH version 2
and the show ip ssh command to confirm the setting.
Dell(conf)#ip ssh server version 2
Dell(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
808
Security