protocol (Security IDP Signature Attack)
Syntax
protocol {
icmp (Security IDP Signature Attack) {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification (Security ICMP Headers) {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number (Security IDP ICMP Headers) {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type (Security IDP ICMP Headers) {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
icmpv6 {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
code {
match (equal | greater-than | less-than | not-equal);
value code-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value;
}
}
ipv4 {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value;
}
ihl {
match (equal | greater-than | less-than | not-equal);
value ihl-value;
}
ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}
protocol {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
tos {
match (equal | greater-than | less-than | not-equal);
value type-of-service-in-decimal;
}
total-length {
match (equal | greater-than | less-than | not-equal);
value total-length-of-ip-datagram;
}
ttl {
match (equal | greater-than | less-than | not-equal);
value time-to-live;
}
}
ipv6 {
destination {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
extension-header {
destination-option {
home-address {
match (equal | greater-than | less-than | not-equal);
value header-value;
}
option-type {
match (equal | greater-than | less-than | not-equal);
value header-value;
}
}
routing-header {
header-type {
match (equal | greater-than | less-than | not-equal);
value header-value;
}
}
}
flow-label {
match (equal | greater-than | less-than | not-equal);
value flow-label-value;
}
hop-limit {
match (equal | greater-than | less-than | not-equal);
value hop-limit-value;
}
next-header {
match (equal | greater-than | less-than | not-equal);
value next-header-value;
}
payload-length {
match (equal | greater-than | less-than | not-equal);
value payload-length-value;
}
source {
match (equal | greater-than | less-than | not-equal);
value ip-address-or-hostname;
}
traffic-class {
match (equal | greater-than | less-than | not-equal);
value traffic-class-value;
}
tcp (Security IDP Signature Attack) {
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number;
}
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length;
}
mss {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size;
}
option {
match (equal | greater-than | less-than | not-equal);
value tcp-option;
}
reserved {
match (equal | greater-than | less-than | not-equal);
value reserved-value;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size;
}
}
udp (Security IDP Signature Attack) {
checksum-validate {
match (equal | greater-than | less-than | not-equal);
value checksum-value;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
}
}
Hierarchy Level
[edit security idp custom-attack attack-name attack-type signature]
Description
Specify a protocol to match the header information for the signature attack.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.3. Statement modified in Junos OS Release 12.3X48-D25 to add ICMPv6 protocol support.