protocol (Signature Attack)

Syntax

    protocol {
        icmp {
            code {
                match (equal | greater-than | less-than | not-equal);
                value code-value;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value data-length;
            }
            identification {
                match (equal | greater-than | less-than | not-equal);
                value identification-value;
            }
            sequence-number {
                match (equal | greater-than | less-than | not-equal);
                value sequence-number;
            }
            type {
                match (equal | greater-than | less-than | not-equal);
                value type-value;
            }
        }
        ip {
            destination {
                match (equal | greater-than | less-than | not-equal);
                value hostname;
            }
            identification {
                match (equal | greater-than | less-than | not-equal);
                value identification-value;
            }
            ip-flags {
                (df | no-df);
                (mf | no-mf);
                (rb | no-rb);
            }
            protocol {
                match (equal | greater-than | less-than | not-equal);
                value transport-layer-protocol-id;
            }
            source {
                match (equal | greater-than | less-than | not-equal);
                value hostname;
            }
            tos {
                match (equal | greater-than | less-than | not-equal);
                value type-of-service-in-decimal;
            }
            total-length {
                match (equal | greater-than | less-than | not-equal);
                value total-length-of-ip-datagram;
            }
            ttl {
                match (equal | greater-than | less-than | not-equal);
                value time-to-live;
            }
        }
        tcp {
            ack-number {
                match (equal | greater-than | less-than | not-equal);
                value acknowledgement-number;
            }
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value tcp-data-length;
            }
            destination-port {
                match (equal | greater-than | less-than | not-equal);
                value destination-port;
            }
            header-length {
                match (equal | greater-than | less-than | not-equal);
                value header-length;
            }
            mss {
                match (equal | greater-than | less-than | not-equal);
                value maximum-segment-size;
            }
            option {
                match (equal | greater-than | less-than | not-equal);
                value tcp-option;
            }
            sequence-number {
                match (equal | greater-than | less-than | not-equal);
                value sequence-number;
            }
            source-port {
                match (equal | greater-than | less-than | not-equal);
                value source-port;
            }
            tcp-flags {
                (ack | no-ack);
                (fin | no-fin);
                (psh | no-psh);
                (r1 | no-r1);
                (r2 | no-r2);
                (rst | no-rst);
                (syn | no-syn);
                (urg | no-urg);
            }
            urgent-pointer {
                match (equal | greater-than | less-than | not-equal);
                value urgent-pointer;
            }
            window-scale {
                match (equal | greater-than | less-than | not-equal);
                value window-scale-factor;
            }
            window-size {
                match (equal | greater-than | less-than | not-equal);
                value window-size;
            }
        }
        udp {
            data-length {
                match (equal | greater-than | less-than | not-equal);
                value data-length;
            }
            destination-port {
                match (equal | greater-than | less-than | not-equal);
                value destination-port;
            }
            source-port {
                match (equal | greater-than | less-than | not-equal);
                value source-port;
            }
        }
    }

Hierarchy Level

[edit security idp custom-attack attack-name attack-type signature]

Release Information

Statement introduced in Release 9.3 of Junos OS.

Description

Specify the protocol (ICMP, IP, TCP, or UDP) whose header information the signature attack matches.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.
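
The following configuration is an added illustration built only from the syntax above; it is not taken from the Junos OS documentation. It shows how match/value pairs and flag settings combine under the tcp statement to describe a TCP segment with SYN and FIN both set, ACK clear, and no payload, sent to a port below 1024. The attack name EXAMPLE-TCP-SYN-FIN and every value are constructed, and the rest of the signature attack is assumed to be configured already.

```junos
# Added example: attack name and all values are constructed for illustration.
security {
    idp {
        custom-attack EXAMPLE-TCP-SYN-FIN {
            attack-type {
                signature {
                    protocol {
                        tcp {
                            # Numeric header fields pair a comparison with a value.
                            destination-port {
                                match less-than;
                                value 1024;
                            }
                            data-length {
                                match equal;
                                value 0;
                            }
                            # Each flag is either required (syn) or required
                            # to be clear (no-ack); unlisted flags are not tested.
                            tcp-flags {
                                syn;
                                fin;
                                no-ack;
                            }
                        }
                    }
                }
            }
        }
    }
}
```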

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.