Small PMTU

Small PMTU (Packet MTU) is a bandwidth attack in which the client fools the server into sending large amounts of data using small packets. Each packet has a large overhead that creates a "bottleneck" on the server.

You can protect against this attack by specifying a minimum packet size for data sent over the Internet.

Small PMTU Fields

In this field…

Do this…

Action

Specify what action to take when a packet is smaller than the Minimal MTU Size threshold, by selecting one of the following:

  • Block. Block the packet.
  • None. No action. This is the default.

Track

Specify whether to issue logs for packets that are smaller than the Minimal MTU Size threshold, by selecting one of the following:

  • Log. Issue logs. This is the default.
  • None. Do not issue logs.

Minimal MTU Size

Type the minimum value allowed for the MTU field in IP packets sent by a client.

An overly small value will not prevent an attack, while an overly large value might degrade performance and cause legitimate requests to be dropped.

The default value is 300.
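The following added example (not part of the product documentation, and not a model of the appliance's internals) quantifies the per-packet overhead described above and shows how the Action, Track and Minimal MTU Size fields interact. The 40-byte header size, the 1 MB response, the sample MTU values, and all class and function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 + 20-byte TCP header, no options

@dataclass
class SmallPmtuPolicy:           # hypothetical container for the three fields
    action: str = "None"         # "Block" or "None" (page default: None)
    track: str = "Log"           # "Log" or "None" (page default: Log)
    minimal_mtu_size: int = 300  # page default

def packet_cost(mtu, response_bytes):
    """Return (packets, header_bytes, overhead_ratio) for one response at this MTU."""
    payload_per_packet = mtu - IP_TCP_HEADERS
    if payload_per_packet <= 0:
        raise ValueError("MTU leaves no room for payload")
    packets = math.ceil(response_bytes / payload_per_packet)
    header_bytes = packets * IP_TCP_HEADERS
    return packets, header_bytes, header_bytes / (header_bytes + response_bytes)

def evaluate(mtu, policy):
    """Apply Action/Track to one observed MTU value; return (verdict, logged)."""
    if mtu >= policy.minimal_mtu_size:
        return "accept", False
    verdict = "block" if policy.action == "Block" else "accept"
    return verdict, policy.track == "Log"

def summarize(mtus, policy, response_bytes=1_000_000):
    """One row per MTU: (mtu, packets, overhead_ratio, verdict, logged)."""
    rows = []
    for mtu in mtus:
        packets, _, ratio = packet_cost(mtu, response_bytes)
        verdict, logged = evaluate(mtu, policy)
        rows.append((mtu, packets, round(ratio, 3), verdict, logged))
    return rows

if __name__ == "__main__":
    # Constructed sample values; 68 is the smallest MTU IPv4 permits.
    sample_mtus = [68, 296, 576, 1500]
    # Too-low, default, and too-high thresholds, all with Action = Block.
    for threshold in (60, 300, 1400):
        policy = SmallPmtuPolicy(action="Block", minimal_mtu_size=threshold)
        print(f"Minimal MTU Size = {threshold}")
        for row in summarize(sample_mtus, policy):
            print("  mtu=%d packets=%d overhead=%.3f verdict=%s logged=%s" % row)
```

With a threshold of 60 nothing is blocked even though an MTU of 68 spends more than half of the transmitted bytes on headers, while a threshold of 1400 also blocks the 576-byte sample value.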

See Also

TCP

Strict TCP

SynDefender

Sequence Verifier

Flags