custom-attack
Syntax
custom-attack attack-name {
attack-type (Security Anomaly) {
anomaly {
direction (any | client-to-server | server-to-client);
service service-name;
shellcode (all | intel | no-shellcode | sparc);
test test-condition;
}
chain {
expression boolean-expression;
member member-name {
attack-type (Security Anomaly) {
(anomaly ...same statements as in [edit security idp custom-attack attack-name attack-type anomaly] hierarchy level | signature ...same statements as in [edit security idp custom-attack attack-name attack-type signature] hierarchy level);
}
}
order;
protocol-binding {
application application-name;
icmp;
icmpv6;
ip {
protocol-number transport-layer-protocol-number;
}
ipv6 {
protocol-number transport-layer-protocol-number;
}
rpc {
program-number rpc-program-number;
}
tcp {
minimum-port port-number <maximum-port port-number>;
}
udp {
minimum-port port-number <maximum-port port-number>;
}
}
reset;
scope (session | transaction);
}
signature (Security IDP) {
context context-name;
direction (any | client-to-server | server-to-client);
negate;
pattern signature-pattern;
pattern-pcre signature-pattern-pcre;
protocol (Security IDP Signature Attack) {
icmp {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
icmpv6 (Security IDP Custom Attack) {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
ipv4 (Security IDP Signature Attack) {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
ihl {
match (equal | greater-than | less-than | not-equal);
value ihl-value;
}
ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}
protocol (Security IDP Signature Attack) {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
tos {
match (equal | greater-than | less-than | not-equal);
value type-of-service-in-decimal;
}
total-length {
match (equal | greater-than | less-than | not-equal);
value total-length-of-ip-datagram;
}
ttl {
match (equal | greater-than | less-than | not-equal);
value time-to-live;
}
}
ipv6 {
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
flow-label {
match (equal | greater-than | less-than | not-equal);
value flow-label-value;
}
hop-limit {
match (equal | greater-than | less-than | not-equal);
value hop-limit-value;
}
next-header {
match (equal | greater-than | less-than | not-equal);
value next-header-value;
}
payload-length {
match (equal | greater-than | less-than | not-equal);
value payload-length-value;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
traffic-class {
match (equal | greater-than | less-than | not-equal);
value traffic-class-value;
}
tcp (Security IDP Signature Attack){
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number;
}
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length;
}
destination-port (Security Signature Attack) {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length;
}
mss (Security IDP) {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size;
}
option (Security IDP) {
match (equal | greater-than | less-than | not-equal);
value tcp-option;
}
reserved (Security IDP Custom Attack) {
match (equal | greater-than | less-than | not-equal);
value reserved-value;
}
sequence-number (Security IDP ICMP Headers) {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size;
}
}
udp (Security IDP Signature Attack) {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
}
}
protocol-binding {
application application-name;
icmp;
icmpv6;
ip {
protocol-number transport-layer-protocol-number;
}
ipv6 {
protocol-number transport-layer-protocol-number;
}
rpc {
program-number rpc-program-number;
}
tcp {
minimum-port port-number <maximum-port port-number>;
}
udp {
minimum-port port-number <maximum-port port-number>;
}
}
regexp regular-expression;
shellcode (all | intel | no-shellcode | sparc);
}
}
recommended-action (close | close-client | close-server | drop | drop-packet | ignore | none);
severity (critical | info | major | minor | warning);
time-binding {
count count-value;
scope (destination | peer | source);
}
}
Hierarchy Level
[edit security idp] [edit tenants tenant-name security idp]
Description
Configure custom attack objects to detect a known or unknown attack that can be used to compromise your network.
Options
attack-name—Name of the custom attack object. The maximum number
of characters allowed for a custom attack object name is 60.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 9.3.