Specifying IDP Test Conditions for a Specific Protocol

When configuring IDP custom attacks, you can specify test conditions for a specific protocol. For example, to configure test conditions for ICMP:

1. List supported test conditions for ICMP and choose the one you want to configure. The supported test conditions are available in the CLI at the [edit security idp custom-attack test1 attack-type anomaly] hierarchy level.
   
   

   user@router#set test icmp?

   Possible completions:
    <test>               Protocol anomaly condition to be checked
   
     ADDRESSMASK_REQUEST  
     DIFF_CHECKSUM_IN_RESEND  
     DIFF_CHECKSUM_IN_RESPONSE  
     DIFF_LENGTH_IN_RESEND 

2. Configure the service for which you want to configure the test condition.

   user@router# set service ICMP

3. Configure the test condition (specifying the protocol name is not required):

   user@router# set test ADDRESSMASK_REQUEST

4. If you are finished configuring the router, commit the configuration.

Related Topics

• Configuring Protocol Anomaly-Based Attacks
• Attack Properties—Protocol Anomaly Attacks