Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
signature
Syntax
signature {context
context-name ;direction (any | client-to-server
| server-to-client);negate;pattern
signature-pattern ;protocol {icmp {code {match (equal | greater-than
| less-than | not-equal);value
code-value ;}data-length {match (equal | greater-than
| less-than | not-equal);value
data-length ;}identification {match (equal | greater-than
| less-than | not-equal);value
identification-value
;}sequence-number {match (equal | greater-than
| less-than | not-equal);value
sequence-number ;}type {match (equal | greater-than
| less-than | not-equal);value
type-value ;}}ip {destination {match (equal | greater-than
| less-than | not-equal);value
hostname ;}identification {match (equal | greater-than
| less-than | not-equal);value
identification-value
;}ip-flags {(df | no-df);(mf | no-mf);(rb | no-rb);}protocol {match (equal | greater-than
| less-than | not-equal);value
transport-layer-protocol-id
;}source {match (equal | greater-than
| less-than | not-equal);value
hostname ;}tos {match (equal | greater-than
| less-than | not-equal);value
type-of-service-in-decimal
;}total-length {match (equal | greater-than
| less-than | not-equal);value
total-length-of-ip-datagram
;}ttl {match (equal | greater-than
| less-than | not-equal);value
time-to-live ;}}tcp {ack-number {match (equal | greater-than
| less-than | not-equal);value
acknowledgement-number
;}data-length {match (equal | greater-than
| less-than | not-equal);value
tcp-data-length ;}destination-port {match (equal | greater-than
| less-than | not-equal);value
destination-port ;}header-length {match (equal | greater-than
| less-than | not-equal);value
header-length ;}mss {match (equal | greater-than
| less-than | not-equal);value
maximum-segment-size
;}option {match (equal | greater-than
| less-than | not-equal);value
tcp-option ;}sequence-number {match (equal | greater-than
| less-than | not-equal);value
sequence-number ;}source-port {match (equal | greater-than
| less-than | not-equal);value
source-port ;}tcp-flags {(ack | no-ack);(fin | no-fin);(psh | no-psh);(r1 | no-r1);(r2 | no-r2);(rst | no-rst);(syn | no-syn);(urg | no-urg);}urgent-pointer {match (equal | greater-than
| less-than | not-equal);value
urgent-pointer ;}window-scale {match (equal | greater-than
| less-than | not-equal);value
window-scale-factor
;}window-size {match (equal | greater-than
| less-than | not-equal);value
window-size ;}}udp {data-length {match (equal | greater-than
| less-than | not-equal);value
data-length ;}destination-port {match (equal | greater-than
| less-than | not-equal);value
destination-port ;}source-port {match (equal | greater-than
| less-than | not-equal);value
source-port ;}}}protocol-binding {application application-name ;icmp;ip {protocol-number transport-layer-protocol-number ;}rpc {program-number rpc-program-number
;}tcp {minimum-port port-number maximum-port port-number ;}udp {minimum-port port-number maximum-port port-number ;}}regexp
regular-expression ;shellcode (all | intel |
no-shellcode | sparc);}
Hierarchy Level
[edit security idp custom-attack attack-name
attack-type]
Release Information
Statement introduced in Release 9.3 of Junos OS.
Description
IDP uses stateful signatures to detect attacks. Stateful signatures are more specific than regular signatures. With stateful signatures, IDP can look for the specific protocol or service used to perpetrate the attack.
Options
The remaining statements are explained separately.
Usage Guidelines
For configuration instructions and examples, see the Junos OS Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
