custom-attack

Syntax

custom-attack attack-name { attack-type {anomaly {direction (any | client-to-server | server-to-client);service service-name ;shellcode (all | intel | no-shellcode | sparc);test test-condition ;}chain {expression boolean-expression ;member member-name {attack-type {(anomaly | signature);}}order;protocol-binding {application application-name ;icmp;ip {protocol-number transport-layer-protocol-number ; }rpc {program-number rpc-program-number ;}tcp {minimum-port port-number maximum-port port-number ;}udp {minimum-port port-number maximum-port port-number ;}}reset;scope (session | transaction);}signature {context context-name ;direction (any | client-to-server | server-to-client);negate;pattern signature-pattern ;protocol {icmp {code {match (equal | greater-than | less-than | not-equal);value code-value ;}data-length {match (equal | greater-than | less-than | not-equal);value data-length ;}identification {match (equal | greater-than | less-than | not-equal);value identification-value ;}sequence-number {match (equal | greater-than | less-than | not-equal);value sequence-number ;}type {match (equal | greater-than | less-than | not-equal);value type-value ;}}ip {destination {match (equal | greater-than | less-than | not-equal);value hostname ;}identification {match (equal | greater-than | less-than | not-equal);value identification-value ;}ip-flags {(df | no-df);(mf | no-mf);(rb | no-rb);}protocol {match (equal | greater-than | less-than | not-equal);value transport-layer-protocol-id ;}source {match (equal | greater-than | less-than | not-equal);value hostname ;}tos {match (equal | greater-than | less-than | not-equal);value type-of-service-in-decimal ;}total-length {match (equal | greater-than | less-than | not-equal);value total-length-of-ip-datagram ;}ttl {match (equal | greater-than | less-than | not-equal);value time-to-live ;}}tcp {ack-number {match (equal | greater-than | less-than | not-equal);value acknowledgement-number ;}data-length {match (equal | greater-than | less-than | not-equal);value tcp-data-length ;}destination-port {match (equal | greater-than | less-than | not-equal);value destination-port ;}header-length {match (equal | greater-than | less-than | not-equal);value header-length ;}mss {match (equal | greater-than | less-than | not-equal);value maximum-segment-size ;}option {match (equal | greater-than | less-than | not-equal);value tcp-option ;}sequence-number {match (equal | greater-than | less-than | not-equal);value sequence-number ;}source-port {match (equal | greater-than | less-than | not-equal);value source-port ;}tcp-flags {(ack | no-ack);(fin | no-fin);(psh | no-psh);(r1 | no-r1);(r2 | no-r2);(rst | no-rst);(syn | no-syn);(urg | no-urg);}urgent-pointer {match (equal | greater-than | less-than | not-equal);value urgent-pointer ;}window-scale {match (equal | greater-than | less-than | not-equal);value window-scale-factor ;}window-size {match (equal | greater-than | less-than | not-equal);value window-size ;}}udp {data-length {match (equal | greater-than | less-than | not-equal);value data-length ;}destination-port {match (equal | greater-than | less-than | not-equal);value destination-port ;}source-port {match (equal | greater-than | less-than | not-equal);value source-port ;}}}protocol-binding {application application-name ;icmp;ip {protocol-number transport-layer-protocol-number ;}rpc {program-number rpc-program-number ;}tcp {minimum-port port-number maximum-port port-number ;}udp {minimum-port port-number maximum-port port-number ;}}regexp regular-expression ;shellcode (all | intel | no-shellcode | sparc);}}recommended-action (close | close-client | close-server | drop | drop-packet | ignore | none);severity (critical | info | major | minor | warning);time-binding {count count-value ;scope (destination | peer | source);}}

Hierarchy Level

[edit security idp]

Release Information

Statement modified in Release 9.3 of Junos OS.

Description

Configure custom attack objects to detect a known or unknown attack that can be used to compromise your network.

Options

attack-name —Name of the custom attack object.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.