idp

Syntax

idp { active-policy policy-name ; custom-attack attack-name { attack-type {anomaly {direction (any | client-to-server | server-to-client);service service-name ;shellcode (all | intel | no-shellcode | sparc);test test-condition ;}chain {expression boolean-expression ;member member-name {attack-type {(anomaly | signature);}}order;protocol-binding {application application-name ;icmp;ip {protocol-number transport-layer-protocol-number ; }rpc {program-number rpc-program-number ;}tcp {minimum-port port-number maximum-port port-number ;}udp {minimum-port port-number maximum-port port-number ;}}reset;scope (session | transaction);}signature {context context-name ;direction (any | client-to-server | server-to-client);negate;pattern signature-pattern ;protocol {icmp {code {match (equal | greater-than | less-than | not-equal);value code-value ;}data-length {match (equal | greater-than | less-than | not-equal);value data-length ;}identification {match (equal | greater-than | less-than | not-equal);value identification-value ;}sequence-number {match (equal | greater-than | less-than | not-equal);value sequence-number ;}type {match (equal | greater-than | less-than | not-equal);value type-value ;}}ip {destination {match (equal | greater-than | less-than | not-equal);value hostname ;}identification {match (equal | greater-than | less-than | not-equal);value identification-value ;}ip-flags {(df | no-df);(mf | no-mf);(rb | no-rb);}protocol {match (equal | greater-than | less-than | not-equal);value transport-layer-protocol-id ;}source {match (equal | greater-than | less-than | not-equal);value hostname ;}tos {match (equal | greater-than | less-than | not-equal);value type-of-service-in-decimal ;}total-length {match (equal | greater-than | less-than | not-equal);value total-length-of-ip-datagram ;}ttl {match (equal | greater-than | less-than | not-equal);value time-to-live ;}}tcp {ack-number {match (equal | greater-than | less-than | not-equal);value acknowledgement-number ;}data-length {match (equal | greater-than | less-than | not-equal);value tcp-data-length ;}destination-port {match (equal | greater-than | less-than | not-equal);value destination-port ;}header-length {match (equal | greater-than | less-than | not-equal);value header-length ;}mss {match (equal | greater-than | less-than | not-equal);value maximum-segment-size ;}option {match (equal | greater-than | less-than | not-equal);value tcp-option ;}sequence-number {match (equal | greater-than | less-than | not-equal);value sequence-number ;}source-port {match (equal | greater-than | less-than | not-equal);value source-port ;}tcp-flags {(ack | no-ack);(fin | no-fin);(psh | no-psh);(r1 | no-r1);(r2 | no-r2);(rst | no-rst);(syn | no-syn);(urg | no-urg);}urgent-pointer {match (equal | greater-than | less-than | not-equal);value urgent-pointer ;}window-scale {match (equal | greater-than | less-than | not-equal);value window-scale-factor ;}window-size {match (equal | greater-than | less-than | not-equal);value window-size ;}}udp {data-length {match (equal | greater-than | less-than | not-equal);value data-length ;}destination-port {match (equal | greater-than | less-than | not-equal);value destination-port ;}source-port {match (equal | greater-than | less-than | not-equal);value source-port ;}}}protocol-binding {application application-name ;icmp;ip {protocol-number transport-layer-protocol-number ;}rpc {program-number rpc-program-number ;}tcp {minimum-port port-number maximum-port port-number ;}udp {minimum-port port-number maximum-port port-number ;}}regexp regular-expression ;shellcode (all | intel | no-shellcode | sparc);}}recommended-action (close | close-client | close-server | drop | drop-packet | ignore | none);severity (critical | info | major | minor | warning);time-binding {count count-value ;scope (destination | peer | source);}}custom-attack-group custom-attack-group-name {group-members [attack-group-name | attack-name];}dynamic-attack-group dynamic-attack-group-name { filters { category { values [list-of-values]; } direction { values [any | client-to-server | exclude-any | exclude-client-to-server | exclude-server-to-client | server-to-client]; } false-positives { values [frequently | occasionally | rarely | unknown]; } performance { values [fast | normal | slow | unknown]; } products { values [list-of-values]; } recommended; service { values [list-of-values]; } severity { values [critical | info | major | minor | warning]; } type { values [anomaly | signature]; }}}idp-policy policy-name {rulebase-exempt {rule rule-name {description text ;match {application [ application-name ];attacks {custom-attacks [ attack-name ];predefined-attack-groups [ attack-name ];predefined-attacks [ attack-name ];}destination-address [ address-name ];destination-except [ address-name ];from-zone zone-name ;source-address [ address-name ];source-except [ address-name ];to-zone zone-name ;}}}rulebase-ips {rule rule-name {description text ;match {attacks {custom-attacks [ attack-name ];predefined-attack-groups [ attack-name ];predefined-attacks [ attack-name ];}destination-address [ address-name ];destination-except [ address-name ];from-zone zone-name ;source-address [ address-name ];source-except [ address-name ];to-zone zone-name ;}terminal;then {action {(close-client | close-client-and-server | close-server |drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);}ip-action {(ip-block | ip-close | ip-notify);log;target (destination-address | service | source-address | source-zone | zone-service);timeout seconds;}notification {log-attacks {alert;(}}severity (critical | info | major | minor | warning);}}}}security-package {automatic {enable;interval hours ;start-time start-time ;}url url-name ;}sensor-configuration {application-identification {application-system-cache;application-system-cache-timeout value ;disable;max-packet-memory value ;max-sessions value ;max-tcp-session-packet-memory value ;max-udp-session-packet-memory value ;nested-application-system-cache;nested-application;}detector {protocol-name protocol-name {tunable-name tunable-name {tunable-value protocol-value ;}}}flow {(allow-icmp-without-flow | no-allow-icmp-without-flow);(log-errors | no-log-errors);max-timers-poll-ticks value ;reject-timeout value ;(reset-on-policy | no-reset-on-policy);}global {(enable-all-qmodules | no-enable-all-qmodules);(enable-packet-pool | no-enable-packet-pool);(policy-lookup-cache | no-policy-lookup-cache);}ips {detect-shellcode;ignore-regular-expression;log-supercede-min minimum-value ;pre-filter-shellcode;process-ignore-s2c;process-override;process-port port-number ;}log {cache-size size ;suppression {disable;include-destination-address;max-logs-operate value ;max-time-report value ;start-log value ;}}re-assembler {ignore-mem-overflow;max-flow-mem value ;max-packet-mem value ;}}traceoptions {file filename {<files number >;<match regular-expression >;<size maximum-file-size >;<world-readable | no-world-readable>;}flag all;level (all | error | info | notice | verbose | warning);no-remote-trace;}}

Hierarchy Level

[edit security]

Release Information

Statement modified in Release 9.3 of Junos OS.

Description

Configure Intrusion Detection and Prevention (IDP) to selectively enforce various IDP attack detection and prevention techniques on the network.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.