Technical Documentation

[edit security screen] Hierarchy Level

security {screen {ids-option screen-name {alarm-without-drop;icmp {flood <threshold packets-per-second>;fragment;ip-sweep <threshold packets-per-microsecond>;large;ping-death;}ip {bad-options;block-frag;loose-source-route-option;record-route-option;security-option;source-route-option;spoofing;stream-option;strict-source-route-option;tear-drop;timestamp-option;unknown-protocol;}limit-session {destination-ip-based number-of-sessions;source-ip-based number-of-sessions;}tcp {fin-no-ack;land;port-scan <threshold packets-per-microsecond>;syn-ack-ack-proxy <threshold number-of-connections>;syn-fin;syn-flood {alarm-threshold requests-per-second;attack-threshold requests-per-second;destination-threshold packets-per-second;source-threshold packets-per-second;timeout seconds;}syn-frag;tcp-no-flag;tcp-sweep <threshold value>;winnuke;}udp {flood <threshold packets-per-second>;udp-sweep <threshold value>;}}traceoptions {file <filename> <files number> <match regular-expression> <size maximum-file-size> <world-readable | no-world-readable>;flag flag;no-remote-trace;}}}

Published: 2010-04-28