Example: Specifying IDP Test Conditions for a Specific Protocol (CLI)

When configuring Intrusion Detection and Prevention (IDP) custom attacks, you can specify test conditions for a specific protocol. For example, to configure test conditions for ICMP:

1. List supported test conditions for ICMP and choose the one you want to configure. The supported test conditions are available in the CLI at the [edit security idp custom-attack test1 attack-type anomaly] hierarchy level.
   
   

   user@host#set test icmp?

   Possible completions:
    <test>               Protocol anomaly condition to be checked
   
     ADDRESSMASK_REQUEST
     DIFF_CHECKSUM_IN_RESEND
     DIFF_CHECKSUM_IN_RESPONSE
     DIFF_LENGTH_IN_RESEND 

2. Configure the service for which you want to configure the test condition.
   user@host# set service ICMP
3. Configure the test condition (specifying the protocol name is not required):
   user@host# set test ADDRESSMASK_REQUEST
4. If you are finished configuring the device, commit the configuration.

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• Understanding IDP Protocol Anomaly-Based Attacks
• Example: Configuring IDP Protocol Anomaly-Based Attacks (CLI)