z/OS® V2R1 Communications
Server enhances the Intrusion Detection Services (IDS) IP fragment
attack type to detect fragment overlays that change the data in the
packet. In addition, the IP fragment attack detection is extended
to IPv6 traffic.
Enabling the IDS IP fragment attack detection
To
enable the IDS IP fragment attack detection, perform the appropriate
task in
Table 1.
Table 1. Enhanced IDS IP fragment attack
detectionTask |
Reference |
Enable the IDS IP fragment attack by using one
of the following options: - Use the IBM® Configuration
Assistant for z/OS to enable
the Fragment Attack in the IDS requirement map.
- Manually configure the IP_Fragment attack in the IDS policy file.
|
See the following topics:
|