tcp (Signature Attack)

Syntax

tcp {ack-number {match (equal | greater-than | less-than | not-equal);value acknowledgement-number ;}data-length {match (equal | greater-than | less-than | not-equal);value tcp-data-length ;}destination-port {match (equal | greater-than | less-than | not-equal);value destination-port ;}header-length {match (equal | greater-than | less-than | not-equal);value header-length ;}mss {match (equal | greater-than | less-than | not-equal);value maximum-segment-size ;}option {match (equal | greater-than | less-than | not-equal);value tcp-option ;}sequence-number {match (equal | greater-than | less-than | not-equal);value sequence-number ;}source-port {match (equal | greater-than | less-than | not-equal);value source-port ;}tcp-flags {(ack | no-ack);(fin | no-fin);(psh | no-psh);(r1 | no-r1);(r2 | no-r2);(rst | no-rst);(syn | no-syn);(urg | no-urg);}urgent-pointer {match (equal | greater-than | less-than | not-equal);value urgent-pointer ;}window-scale {match (equal | greater-than | less-than | not-equal);value window-scale-factor ;}window-size {match (equal | greater-than | less-than | not-equal);value window-size ;}}

Hierarchy Level

[edit security idp custom-attack attack-name attack-type signature protocol]

Release Information

Statement introduced in Release 9.3 of Junos OS.

Description

Allow IDP to match the TCP header information for the signature attack.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.