signature (Security IDP)
语法
signature {
    context context-name;
    direction (any | client-to-server | server-to-client);
    negate;
    pattern signature-pattern;
    pattern-pcre signature-pattern-pcre;
    protocol (Security IDP Signature Attack) {
        icmp (Security IDP Signature Attack) {
            checksum-validate {
                match (equal | greater-than | less-than | not-equal);
                value checksum-value;
            }
            code {
                match (equal | greater-than | less-than | not-equal);
                value code-value;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value data-length;
            }
            identification {
                match (equal | greater-than | less-than | not-equal);
                value identification-value;
            }
            sequence-number {
                match (equal | greater-than | less-than | not-equal);
                value sequence-number;
            }
            type {
                match (equal | greater-than | less-than | not-equal);
                value type-value;
            }
        }
        icmpv6 {
            checksum-validate {
                match (equal | greater-than | less-than | not-equal);
                value checksum-value;
            }
            code {
                match (equal | greater-than | less-than | not-equal);
                value code-value;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value data-length;
            }
            identification {
                match (equal | greater-than | less-than | not-equal);
                value identification-value;
            }
            sequence-number {
                match (equal | greater-than | less-than | not-equal);
                value sequence-number;
            }
            type {
                match (equal | greater-than | less-than | not-equal);
                value type-value;
            }
        }
        ipv4 (Security IDP Signature Attack) {
            checksum-validate {
                match (equal | greater-than | less-than | not-equal);
                value checksum-value;
            }
            destination {
                match (equal | greater-than | less-than | not-equal);
                value ip-address-or-hostname;
            }
            identification (Security ICMP Headers) {
                match (equal | greater-than | less-than | not-equal);
                value identification-value;
            }
            ihl {
                match (equal | greater-than | less-than | not-equal);
                value ihl-value;
            }
            ip-flags {
                (df | no-df);
                (mf | no-mf);
                (rb | no-rb);
            }
            protocol {
                match (equal | greater-than | less-than | not-equal);
                value transport-layer-protocol-id;
            }
            source {
                match (equal | greater-than | less-than | not-equal);
                value ip-address-or-hostname;
            }
            tos {
                match (equal | greater-than | less-than | not-equal);
                value type-of-service-in-decimal;
            }
            total-length {
                match (equal | greater-than | less-than | not-equal);
                value total-length-of-ip-datagram;
            }
            ttl {
                match (equal | greater-than | less-than | not-equal);
                value time-to-live;
            }
        }
        ipv6 {
            destination {
                match (equal | greater-than | less-than | not-equal);
                value ip-address-or-hostname;
            }
            extension-header {
                destination-option {
                    home-address {
                        match (equal | greater-than | less-than | not-equal);
                        value header-value;
                    }
                    option-type {
                        match (equal | greater-than | less-than | not-equal);
                        value header-value;
                    }
                }
                routing-header {
                    header-type {
                        match (equal | greater-than | less-than | not-equal);
                        value header-value;
                    }
                }
            }
            flow-label {
                match (equal | greater-than | less-than | not-equal);
                value flow-label-value;
            }
            hop-limit {
                match (equal | greater-than | less-than | not-equal);
                value hop-limit-value;
            }
            next-header {
                match (equal | greater-than | less-than | not-equal);
                value next-header-value;
            }
            payload-length {
                match (equal | greater-than | less-than | not-equal);
                value payload-length-value;
            }
            source {
                match (equal | greater-than | less-than | not-equal);
                value ip-address-or-hostname;
            }
            traffic-class {
                match (equal | greater-than | less-than | not-equal);
                value traffic-class-value;
            }
        }
        tcp (Security IDP Signature Attack) {
            ack-number {
                match (equal | greater-than | less-than | not-equal);
                value acknowledgement-number;
            }
            checksum-validate {
                match (equal | greater-than | less-than | not-equal);
                value checksum-value;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value tcp-data-length;
            }
            destination-port {
                match (equal | greater-than | less-than | not-equal);
                value destination-port;
            }
            header-length {
                match (equal | greater-than | less-than | not-equal);
                value header-length;
            }
            mss {
                match (equal | greater-than | less-than | not-equal);
                value maximum-segment-size;
            }
            option {
                match (equal | greater-than | less-than | not-equal);
                value tcp-option;
            }
            reserved {
                match (equal | greater-than | less-than | not-equal);
                value reserved-value;
            }
            sequence-number {
                match (equal | greater-than | less-than | not-equal);
                value sequence-number;
            }
            source-port {
                match (equal | greater-than | less-than | not-equal);
                value source-port;
            }
            tcp-flags {
                (ack | no-ack);
                (fin | no-fin);
                (psh | no-psh);
                (r1 | no-r1);
                (r2 | no-r2);
                (rst | no-rst);
                (syn | no-syn);
                (urg | no-urg);
            }
            urgent-pointer {
                match (equal | greater-than | less-than | not-equal);
                value urgent-pointer;
            }
            window-scale {
                match (equal | greater-than | less-than | not-equal);
                value window-scale-factor;
            }
            window-size {
                match (equal | greater-than | less-than | not-equal);
                value window-size;
            }
        }
        udp (Security IDP Signature Attack) {
            checksum-validate {
                match (equal | greater-than | less-than | not-equal);
                value checksum-value;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value data-length;
            }
            destination-port {
                match (equal | greater-than | less-than | not-equal);
                value destination-port;
            }
            source-port {
                match (equal | greater-than | less-than | not-equal);
                value source-port;
            }
        }
    }
    protocol-binding {
        application application-name;
        icmp;
        icmpv6;
        ip {
            protocol-number transport-layer-protocol-number;
        }
        ipv6 {
            protocol-number transport-layer-protocol-number;
        }
        rpc {
            program-number rpc-program-number;
        }
        tcp {
            minimum-port port-number <maximum-port port-number>;
        }
        udp {
            minimum-port port-number <maximum-port port-number>;
        }
    }
    regexp regular-expression;
    shellcode (all | intel | no-shellcode | sparc);
}
层次结构级别
[edit security idp custom-attack attack-name attack-type]
描述
IDP 使用有状态签名来检测攻击。有状态签名比常规签名更具体。借助有状态签名,IDP 可以查找用于实施攻击的特定协议或服务。
选项
其余语句将单独说明。请参阅 CLI Explorer。
所需权限级别
security — 在配置中查看此语句。
security-control — 将此语句添加到配置中。
发布信息
此语句在 Junos OS 9.3 版中引入。