Suspicious Control Flow Commands

Use the commands described in this section to regulate suspicious control flows.

baseline suspicious-control-flow-detection counts

• Use to set a baseline for statistics for suspicious control flow detection.
• Example

  host1#baseline suspicious-control-flow-detection counts

• There is no no version.
• See baseline suspicious-control-flow-detection counts.

clear suspicious-control-flow-detection

• Use to clear the active state for suspicious control detection.
• If you do not specify a slot or interface, clears all suspicious flows.
• If you specify a slot, clears all specified suspicious flows on that slot.
• If you specify an interface and protocol, and source mac-address. clears that specific flow.
• Example

  host1#clear suspicious-control-flow-detection interface atm 1/0.1 ppp Control address 0000.0001.0002

• There is no no version.
• See clear suspicious-control-flow-detection.

suspicious-control-flow-detection grouping-off

• Use to turn off overflow protection for suspicious control flow detection, enabling flows to be grouped into larger entities when the line module flow table overflows.
• Example

  host1(config)#suspicious-control-flow-detection grouping-off

• Use the no version to turn on overflow protection.
• See suspicious-control-flow-detection grouping-off.

suspicious-control-flow-detection off

• Use to turn off the suspicious control flow detection.
• Example

  host1(config)#suspicious-control-flow-detection off

• Use the no version to turn on suspicious control flow detection, which is the default.
• See suspicious-control-flow-detection off.

suspicious-control-flow-detection protocol backoff-time

• Use to set the backoff time in seconds for a specific protocol that triggers the suspicious flow to return to a nonsuspicious state.
• When set to zero, a suspicious control flow for a protocol does not return to a nonsuspicious state using a time mechanism.
• Example

  host1(config)#suspicious-control-flow-detection protocol iposi backoff-time 300

• Use the no version to restore the defaults for the protocol, 300 seconds.
• See suspicious-control-flow-detection protocol backoff-time.

suspicious-control-flow-detection protocol low-threshold

• Use to set a threshold for a specific protocol; if the flow rate falls below this rate, a suspicious flow changes to the nonsuspicious state.
• Low threshold is the rate in packets per second at which a suspicious flow becomes no longer suspicious.
• When set to zero, a suspicious flow cannot change to the nonsuspicious state by means of a low threshold rate. To clear this flow, you must use the clear suspicious-control-flow-detection command.
• Example

  host1(config)#suspicious-control-flow-detection protocol iposi low-threshold 512

• Use the no version to restore the defaults for the protocol.
• See suspicious-control-flow-detection protocol low-threshold.

suspicious-control-flow-detection protocol threshold

• Use to set the threshold in packets per second for a specific protocol, which triggers the flow to become a suspicious flow.
• When set to zero, a suspicious flow cannot change to the nonsuspicious state via a threshold rate.
• Example

  host1(config)#suspicious-control-flow-detection protocol iposi threshold 1024

• Use the no version to restore the defaults for the protocol.
• See suspicious-control-flow-detection protocol threshold.

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.