-
custom-attack attack-name {
-
- attack-type {
-
- anomaly {
- direction (any | client-to-server
| server-to-client);
- service
service-name ;
- shellcode (all | intel |
no-shellcode | sparc);
- test
test-condition ;
- }
-
- chain {
- expression boolean-expression
;
-
- member
member-name {
-
- attack-type {
- (anomaly | signature);
- }
- }
- order;
-
- protocol-binding {
- application application-name
;
- icmp;
-
- ip {
- protocol-number
transport-layer-protocol-number
;
- }
-
- rpc {
- program-number rpc-program-number
;
- }
-
- tcp {
- minimum-port port-number
maximum-port port-number ;
- }
-
- udp {
- minimum-port port-number
maximum-port port-number ;
- }
- }
- reset;
- scope (session | transaction);
- }
-
- signature {
- context
context-name ;
- direction (any | client-to-server
| server-to-client);
- negate;
- pattern
signature-pattern
;
-
- protocol {
-
- icmp {
-
- code {
- match (equal | greater-than
| less-than | not-equal);
- value
code-value
;
- }
-
- data-length {
- match (equal | greater-than
| less-than | not-equal);
- value
data-length
;
- }
-
- identification {
- match (equal | greater-than
| less-than | not-equal);
- value
identification-value
;
- }
-
- sequence-number {
- match (equal | greater-than
| less-than | not-equal);
- value
sequence-number
;
- }
-
- type {
- match (equal | greater-than
| less-than | not-equal);
- value
type-value
;
- }
- }
-
- ip {
-
- destination {
- match (equal | greater-than
| less-than | not-equal);
- value
hostname
;
- }
-
- identification {
- match (equal | greater-than
| less-than | not-equal);
- value
identification-value
;
- }
-
- ip-flags {
- (df | no-df);
- (mf | no-mf);
- (rb | no-rb);
- }
-
- protocol {
- match (equal | greater-than
| less-than | not-equal);
- value
transport-layer-protocol-id ;
- }
-
- source {
- match (equal | greater-than
| less-than | not-equal);
- value
hostname
;
- }
-
- tos {
- match (equal | greater-than
| less-than | not-equal);
- value
type-of-service-in-decimal ;
- }
-
- total-length {
- match (equal | greater-than
| less-than | not-equal);
- value
total-length-of-ip-datagram ;
- }
-
- ttl {
- match (equal | greater-than
| less-than | not-equal);
- value
time-to-live
;
- }
- }
-
- tcp {
-
- ack-number {
- match (equal | greater-than
| less-than | not-equal);
- value
acknowledgement-number
;
- }
-
- data-length {
- match (equal | greater-than
| less-than | not-equal);
- value
tcp-data-length
;
- }
-
- destination-port {
- match (equal | greater-than
| less-than | not-equal);
- value
destination-port
;
- }
-
- header-length {
- match (equal | greater-than
| less-than | not-equal);
- value
header-length
;
- }
-
- mss {
- match (equal | greater-than
| less-than | not-equal);
- value
maximum-segment-size
;
- }
-
- option {
- match (equal | greater-than
| less-than | not-equal);
- value
tcp-option
;
- }
-
- sequence-number {
- match (equal | greater-than
| less-than | not-equal);
- value
sequence-number
;
- }
-
- source-port {
- match (equal | greater-than
| less-than | not-equal);
- value
source-port
;
- }
-
- tcp-flags {
- (ack | no-ack);
- (fin | no-fin);
- (psh | no-psh);
- (r1 | no-r1);
- (r2 | no-r2);
- (rst | no-rst);
- (syn | no-syn);
- (urg | no-urg);
- }
-
- urgent-pointer {
- match (equal | greater-than
| less-than | not-equal);
- value
urgent-pointer
;
- }
-
- window-scale {
- match (equal | greater-than
| less-than | not-equal);
- value
window-scale-factor
;
- }
-
- window-size {
- match (equal | greater-than
| less-than | not-equal);
- value
window-size
;
- }
- }
-
- udp {
-
- data-length {
- match (equal | greater-than
| less-than | not-equal);
- value
data-length
;
- }
-
- destination-port {
- match (equal | greater-than
| less-than | not-equal);
- value
destination-port
;
- }
-
- source-port {
- match (equal | greater-than
| less-than | not-equal);
- value
source-port
;
- }
- }
- }
-
- protocol-binding {
- application application-name
;
- icmp;
-
- ip {
- protocol-number transport-layer-protocol-number ;
- }
-
- rpc {
- program-number rpc-program-number
;
- }
-
- tcp {
- minimum-port port-number
maximum-port port-number ;
- }
-
- udp {
- minimum-port port-number
maximum-port port-number ;
- }
- }
- regexp
regular-expression
;
- shellcode (all | intel |
no-shellcode | sparc);
- }
- }
- recommended-action (close
| close-client | close-server | drop |
- drop-packet | ignore | none);
- severity (critical | info
| major | minor | warning);
-
- time-binding {
- count
count-value ;
- scope (destination | peer
| source);
- }
- }
- [edit security idp]
Statement modified in Release 9.3 of JUNOS software.
Configure custom attack objects to detect a known or unknown attack that can be used to compromise your network.
This statement is supported on SRX-series devices.
attack-name —Name of the custom attack object.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.