[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

icmp

See the following sections:

icmp (Protocol Binding Custom Attack)

Syntax



icmp;

Hierarchy Level



[edit security idp custom-attack            attack-name          attack-type chain protocol-binding]
[edit security idp custom-attack            attack-name          attack-type signature protocol-binding]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Allow IDP to match the attack for specified ICMP.

This statement is supported on SRX-series devices.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

icmp (Security Screen)

Syntax



icmp {


flood {
threshold                number             ;
}


fragment;


ip-sweep {
threshold number;
}


large;
ping-death;
}

Hierarchy Level



[edit security screen ids-option            screen-name         ]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Configure ICMP intrusion detection service (IDS) options.

This statement is supported on J-series and SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

icmp (Signature Attack)

Syntax



icmp {


code {
match (equal | greater-than
| less-than | not-equal);
value   
            code-value             ;
}




data-length {
match (equal | greater-than
| less-than | not-equal);
value   
            data-length             ;
}




identification {
match (equal | greater-than
| less-than | not-equal);
value   
            identification-value             ;
}




sequence-number {
match (equal | greater-than
| less-than | not-equal);
value   
            sequence-number             ;
}




type {
match (equal | greater-than
| less-than | not-equal);
value   
            type-value             ;
}


}

Hierarchy Level



[edit security idp custom-attack            attack-name          attack-type signature protocol]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Allow IDP to match the ICMP header information for the signature attack.

This statement is supported on SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]