Enhanced IDS IP fragment attack detection

z/OS® V2R1 Communications Server enhances the Intrusion Detection Services (IDS) IP fragment attack type to detect fragment overlays that change the data in the packet. In addition, the IP fragment attack detection is extended to IPv6 traffic.

Enabling the IDS IP fragment attack detection

To enable the IDS IP fragment attack detection, perform the appropriate task in Table 1.

Table 1. Enhanced IDS IP fragment attack detection
Task	Reference
Enable the IDS IP fragment attack by using one of the following options: Use the IBM® Configuration Assistant for z/OS to enable the Fragment Attack in the IDS requirement map. Manually configure the IP_Fragment attack in the IDS policy file.	See the following topics: Intrusion detection services in z/OS Communications Server: IP Configuration Guide IBM Configuration Assistant for z/OS Communications Server online help IP_FRAGMENT attack type in z/OS Communications Server: IP Configuration Reference