
signature

Syntax

signature {
context context-name ;
direction (any | client-to-server | server-to-client);
negate;
pattern signature-pattern ;
protocol {
icmp {
code {
match (equal | greater-than | less-than | not-equal);
value code-value ;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length ;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value ;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number ;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value ;
}
}
ip {
destination {
match (equal | greater-than | less-than | not-equal);
value hostname ;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value ;
}
ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}
protocol {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id ;
}
source {
match (equal | greater-than | less-than | not-equal);
value hostname ;
}
tos {
match (equal | greater-than | less-than | not-equal);
value type-of-service-in-decimal ;
}
total-length {
match (equal | greater-than | less-than | not-equal);
value total-length-of-ip-datagram ;
}
ttl {
match (equal | greater-than | less-than | not-equal);
value time-to-live ;
}
}
tcp {
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number ;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length ;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port ;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length ;
}
mss {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size ;
}
option {
match (equal | greater-than | less-than | not-equal);
value tcp-option ;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number ;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port ;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer ;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor ;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size ;
}
}
udp {
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length ;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port ;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port ;
}
}
}
protocol-binding {
application application-name ;
icmp;
ip {
protocol-number transport-layer-protocol-number ;
}
rpc {
program-number rpc-program-number ;
}
tcp {
minimum-port port-number maximum-port port-number ;
}
udp {
minimum-port port-number maximum-port port-number ;
}
}
regexp regular-expression ;
shellcode (all | intel | no-shellcode | sparc);
}

Hierarchy Level

[edit security idp custom-attack attack-name attack-type]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

IDP uses stateful signatures to detect attacks. Stateful signatures are more specific than regular signatures: with a stateful signature, IDP can look for the specific protocol or service used to carry out the attack, rather than matching a pattern anywhere in the traffic.

This statement is supported on SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

