attack-type (Security Signature)
Syntax
attack-type {
signature (Security IDP) {
context context-name;
direction (any | client-to-server | server-to-client);
negate;
pattern signature-pattern;
pattern-pcre signature-pattern-pcre;
protocol (Security IDP Signature Attack) {
icmp {
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
icmpv6 (Security IDP Custom Attack) {
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
ipv4 (Security IDP Signature Attack) {
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
ihl {
match (equal | greater-than | less-than | not-equal);
value ihl-value;
}
ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}
protocol {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
tos {
match (equal | greater-than | less-than | not-equal);
value type-of-service-in-decimal;
}
total-length {
match (equal | greater-than | less-than | not-equal);
value total-length-of-ip-datagram;
}
ttl {
match (equal | greater-than | less-than | not-equal);
value time-to-live;
}
}
ipv6 {
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
flow-label {
match (equal | greater-than | less-than | not-equal);
value flow-label-value;
}
hop-limit {
match (equal | greater-than | less-than | not-equal);
value hop-limit-value;
}
next-header {
match (equal | greater-than | less-than | not-equal);
value next-header-value;
}
payload-length {
match (equal | greater-than | less-than | not-equal);
value payload-length-value;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
traffic-class {
match (equal | greater-than | less-than | not-equal);
value traffic-class-value;
}
tcp {
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length;
}
mss {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size;
}
option {
match (equal | greater-than | less-than | not-equal);
value tcp-option;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size;
}
}
udp (Security IDP Signature Attack) {
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
}
}
protocol-binding {
application application-name;
icmp;
icmpv6;
ip {
protocol-number transport-layer-protocol-number;
}
ipv6 {
protocol-number transport-layer-protocol-number;
}
rpc {
program-number rpc-program-number;
}
tcp {
minimum-port port-number <maximum-port port-number>;
}
udp {
minimum-port port-number <maximum-port port-number>;
}
}
regexp regular-expression;
shellcode (all | intel | no-shellcode | sparc);
}
}
Hierarchy Level
[edit security idp custom-attack attack-name]
Description
Specify the type of attack.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.3.