tcp (Security IDP Signature Attack)
Syntax
tcp {
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length;
}
destination-port (Security Signature Attack) {
match (equal | greater-than | less-than | not-equal);
value destination-port;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length;
}
mss (Security IDP) {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size;
}
option (Security IDP) {
match (equal | greater-than | less-than | not-equal);
value tcp-option;
}
reserved (Security IDP Custom Attack) {
match (equal | greater-than | less-than | not-equal);
value reserved-value;
}
sequence-number (Security IDP ICMP Headers) {
match (equal | greater-than | less-than | not-equal);
value sequence-number;
}
source-port (Security IDP) {
match (equal | greater-than | less-than | not-equal);
value source-port;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size;
}
}
Hierarchy Level
[edit security idp custom-attack attack-name attack-type signature protocol]
Description
Allow IDP to match the TCP header information for the signature attack.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.3.