
ipv4 (Security IDP Signature Attack)

Syntax

Hierarchy Level

Description

An IP header is header information at the beginning of an IP packet which contains information about IP version, source IP address, destination IP address, time-to-live, etc. Allow IDP to match the IP header information for the signature attack.

Options

The remaining statements are explained separately. See CLI Explorer.

identification

Specify a unique value used by the destination system to reassemble a fragmented packet.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value identification-value—Match a decimal value.

  • Range: 0 through 65,535

ihl

Specify the IPv4 header length in words.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value identification-value—Match a decimal value.

  • Range: 0 through 15

ip-flags

Specify that IDP looks for a pattern match whether or not the IP flag is set.

  • Syntax:

    • df | no-df—When set, the df (Don’t Fragment) indicates that the packet cannot be fragmented for transmission. When unset, it indicates that the packet can be fragmented.

    • mf | no-mf—When set, the mf (More Fragments) indicates that the packet contains more fragments. When unset, it indicates that no more fragments remain.

    • rb | no-rb—Match on whether the rb (Reserved Bit, the first of the three IP flag bits) is set (rb) or unset (no-rb).

protocol

Specify the Transport Layer protocol number.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value transport-layer-protocol-id—Match the Transport Layer protocol ID.

source

Specify the IP address or hostname of the attacking device.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value ip-address-or-hostname—Match an IP address or a hostname.

tos

Specify the type of service.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value type-of-service-in-decimal—The following service types are available:

      • 0000—Default

      • 0001—Minimize Cost

      • 0002—Maximize Reliability

      • 0003—Maximize Throughput

      • 0004—Minimize Delay

      • 0005—Maximize Security

total-length

Specify the number of bytes in the packet, including all header fields and the data payload.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value total-length-of-ip-datagram—Length of the IP datagram.

  • Range: 0 through 65,535

ttl

Specify the time-to-live (TTL) value of the packet. This value represents the number of routers the packet can pass through. Each router that processes the packet decrements the TTL by 1; when the TTL reaches 0, the packet is discarded.

  • Syntax:

    • match (equal | greater-than | less-than | not-equal)—Match an operand.

    • value time-to-live—The time-to-live value.

  • Range: 0 through 255
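The statements above (identification, ihl, ip-flags, protocol, source, tos, total-length, ttl) all name fields of the fixed IPv4 header, each paired with a match operand (equal, greater-than, less-than, not-equal) and a value. The following added example, written for this page and not Juniper's own code, decodes those fields from a raw header, validates the header checksum, and evaluates an IDP-style ipv4 match block against them. The packet bytes, the `build_ipv4_header` helper and the criteria dictionary shape are constructed for illustration; the operand names and ranges follow the statement descriptions above.

```python
"""Added example: decode IPv4 header fields and evaluate an ipv4 match block.

Constructed for illustration; the dictionary-based criteria format is an
assumption of this example, not Junos configuration syntax.
"""
import ipaddress
import struct
from dataclasses import dataclass

# Type-of-service names as listed on the page (decimal values).
TOS_NAMES = {0: "Default", 1: "Minimize Cost", 2: "Maximize Reliability",
             3: "Maximize Throughput", 4: "Minimize Delay", 5: "Maximize Security"}

# Match operands from the statement descriptions.
OPERANDS = {
    "equal": lambda a, b: a == b,
    "greater-than": lambda a, b: a > b,
    "less-than": lambda a, b: a < b,
    "not-equal": lambda a, b: a != b,
}

# Statement name -> attribute on IPv4Header.
FIELDS = {"identification": "identification", "ihl": "ihl", "protocol": "protocol",
          "source": "source", "tos": "tos", "total-length": "total_length", "ttl": "ttl"}


@dataclass(frozen=True)
class IPv4Header:
    version: int
    ihl: int             # header length in 32-bit words (5..15)
    tos: int             # type of service byte
    total_length: int    # header + payload, in bytes
    identification: int  # fragment reassembly id
    rb: bool             # reserved bit
    df: bool             # don't fragment
    mf: bool             # more fragments
    fragment_offset: int
    ttl: int
    protocol: int        # transport-layer protocol number, e.g. 6 = TCP
    source: str
    destination: str


def _checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum; returns 0 for a header with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(data: bytes) -> IPv4Header:
    """Decode the fixed 20-byte header; reject short, non-IPv4 or corrupt headers."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5 or len(data) < ihl * 4:
        raise ValueError(f"IHL {ihl} inconsistent with {len(data)} bytes")
    if _checksum(data[:ihl * 4]) != 0:
        raise ValueError("header checksum mismatch")
    flags = flags_frag >> 13
    return IPv4Header(version, ihl, tos, total_length, ident,
                      bool(flags & 0b100), bool(flags & 0b010), bool(flags & 0b001),
                      flags_frag & 0x1FFF, ttl, proto,
                      ".".join(map(str, src)), ".".join(map(str, dst)))


def build_ipv4_header(*, tos=0, total_length=20, identification=0, rb=False, df=False,
                      mf=False, fragment_offset=0, ttl=64, protocol=6,
                      source="192.0.2.1", destination="198.51.100.1") -> bytes:
    """Construct a valid 20-byte header (checksum filled in) for test input."""
    flags_frag = (((rb << 2) | (df << 1) | mf) << 13) | (fragment_offset & 0x1FFF)
    src = bytes(int(o) for o in source.split("."))
    dst = bytes(int(o) for o in destination.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_length, identification,
                      flags_frag, ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def ipv4_match(header: IPv4Header, criteria: dict) -> bool:
    """Evaluate one ipv4 block: every statement must hold (logical AND).

    criteria example: {"ttl": ("less-than", 5), "protocol": ("equal", 6),
                       "ip-flags": ["df", "no-mf"], "source": ("equal", "192.0.2.1")}
    """
    for name, spec in criteria.items():
        if name == "ip-flags":
            for flag in spec:                      # df | no-df, mf | no-mf, rb | no-rb
                want = not flag.startswith("no-")
                if getattr(header, flag[3:] if not want else flag) != want:
                    return False
            continue
        op, value = spec
        actual = getattr(header, FIELDS[name])
        if name == "source":                       # compare addresses numerically
            actual, value = ipaddress.ip_address(actual), ipaddress.ip_address(value)
        if not OPERANDS[op](actual, value):
            return False
    return True
```

The parser refuses a header whose checksum does not verify or whose IHL does not fit the buffer, so a match is only evaluated on well-formed input; the `source` comparison is done on numeric addresses so that greater-than and less-than order addresses rather than strings.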

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.3.