Tag Elements Beginning with A > <anomaly> (configuration/security/idp/custom-attack/attack-type/
chain/member/attack-type)

Usage

<configuration>
    <security>
        <idp>
            <custom-attack>
                <attack-type>
                    <chain>
                        <member>
                            <attack-type>
                                <anomaly>
                                    <test>test</test> <!-- mandatory -->
                                    <direction>direction-choice</direction> <!-- mandatory -->
                                    <shellcode>shellcode-choice</shellcode>
                                </anomaly>
                            </attack-type>
                        </member>
                    </chain>
                </attack-type>
            </custom-attack>
        </idp>
    </security>
</configuration>

Description

Protocol anomaly.

Contents

<direction>—Direction.

• any—Any direction.
• client-to-server—From Client to Server.
• server-to-client—From Server to Client.

<shellcode>—Specify shellcode flag for this attack.

• all—Detect shellcode for both intel and sparc platforms.
• intel—Detect shellcode for intel platforms.
• no-shellcode—Do not detect shellcode.
• sparc—Detect shellcode for sparc platforms.

<test>—Protocol anomaly condition to be checked.