Network Protocol Contexts
These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups for network protocols as match conditions in IDP policy rules.
Service Contexts: BGP
The table displays the security context details for BGP:

| Context and Direction | Description | Display Name |
|---|---|---|
| bgp-keepalive-msg (ANY) | Matches the BGP keepalive message. | BGP KeepAlive Message |
| bgp-message (ANY) | Matches any BGP message. | BGP Message |
| bgp-notification-msg (ANY) | Matches the BGP notification message. | BGP Notification Message |
| bgp-open-msg (ANY) | Matches the BGP open message. | BGP Open Message |
| bgp-open-no-parm (ANY) | Matches the BGP open message without optional parameters. | BGP Open Message without optional parameters |
| bgp-open-parm (ANY) | Matches the optional parameters in the BGP open message. | BGP Optional parameters in Open Message |
| bgp-route-refresh-msg (ANY) | Matches the BGP Route Refresh message. | BGP Route Refresh Message |
| bgp-update-attr-aggregator (ANY) | Matches the Aggregator path attribute data in the BGP update message. | BGP Aggregator Path Attribute in Update Message |
| bgp-update-attr-as-path (ANY) | Matches the AS path attribute data in the BGP update message. | BGP AS-Path Path Attribute in Update Message |
| bgp-update-attr-atomic-aggr (ANY) | Matches the atomic-aggregator path attribute data in the BGP update message. | BGP Atomic-Aggregator Path Attribute in Update Message |
| bgp-update-attr-cluster-list (ANY) | Matches the Cluster-List path attribute data in the BGP update message. | BGP Cluster-List Path Attribute in Update Message |
| bgp-update-attr-communities (ANY) | Matches the Communities path attribute data in the BGP update message. | BGP Communities Path Attribute in Update Message |
| bgp-update-attr-local-pref (ANY) | Matches the Local-Pref path attribute data in the BGP update message. | BGP Local-Pref Path Attribute in Update Message |
| bgp-update-attr-med (ANY) | Matches the Multi-Exit-Disc path attribute data in the BGP update message. | BGP Multi-Exit-Disc Path Attribute in Update Message |
| bgp-update-attr-next-hop (ANY) | Matches the Next-Hop path attribute data in the BGP update message. | BGP Next-Hop Path Attribute in Update Message |
| bgp-update-attr-nonstd (ANY) | Matches any Non-Standard path attribute data in the BGP update message. | BGP Non-standard Path Attribute in Update Message |
| bgp-update-attr-rigin (ANY) | Matches the Origin path attribute data in the BGP update message. | BGP Origin Path Attribute in Update Message |
| bgp-updet-attr-originator (ANY) | Matches the Originator path attribute data in the BGP update message. | BGP Originator Path Attribute in Update Message |
| bgp-update-msg (ANY) | Matches the BGP update message. | BGP Update Message |
| bgp-update-nlri_infor (ANY) | Matches the Network Layer Reachability Information in the BGP update message. | BGP Network Layer Reachability Information in Update Message |
| bgp-update-norm-unfeasible-rte (ANY) | Matches the unfeasible routes data in the BGP update message. This context shows each route expanded to 4 bytes, prefixed by a delimiter. | BGP Unfeasible routes in Update Message (Normalized) |
| bgp-update-total-path-attribute (ANY) | Matches the Total Path Attribute data in the BGP update message. | BGP Total Path Attributes in Update Message |
| bgp-update-unfeasible-rts (ANY) | Matches the unfeasible routes data in the BGP update message. | BGP Unfeasible routes in Update Message |

Service Contexts: DHCP
The table displays the security context details for DHCP:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| dhcp-file-name (ANY) | Matches the filename in a DHCP/bootp message. | |
| dhcp-option (ANY) | Matches each option in a DHCP/bootp message. Each option context contains the type and length of the option. | |
| dhcp-server-name (ANY) | Matches the server name in a DHCP/bootp message. | |

Service Contexts: DNS
The table displays the security context details for DNS:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| dns-cname (ANY) | Matches the CNAME in a DNS request or response. | |
| dns-flags | Matches the flags of a DNS request or response. | |
| dns-rr-a6-rdata (ANY) | Matches the rdata of an A6 RR in a DNS request or response. | |
| dns-rr-afsdb-rdata (ANY) | Matches the rdata of an AFSDB RR in a DNS request or response. | |
| dns-rr-apl-rdata (ANY) | Matches the rdata of an APL RR in a DNS request or response. | |
| dns-rr-atma-rdata (ANY) | Matches the rdata of an ATMA RR in a DNS request or response. | |
| dns-rr-cname-rdata (ANY) | Matches the rdata of a CNAME RR in a DNS request or response. | |
| dns-rr-dnskey-rdata (ANY) | Matches the rdata of a DNSKEY RR in a DNS request or response. | |
| dns-rr-ds-rdata (ANY) | Matches the rdata of a DS RR in a DNS request or response. | |
| dns-rr-eid-rdata (ANY) | Matches the rdata of an EID RR in a DNS request or response. | |
| dns-rr-hinfo-rdata (ANY) | Matches the rdata of an HINFO RR in a DNS request or response. | |
| dns-rr-key-rdata (ANY) | Matches the rdata of a KEY RR in a DNS request or response. | |
| dns-rr-kx-rdata (ANY) | Matches the rdata of a KX RR in a DNS request or response. | |
| dns-rr-mb-rdata (ANY) | Matches the rdata of an MB RR in a DNS request or response. | |
| dns-rr-md-rdata (ANY) | Matches the rdata of an MD RR in a DNS request or response. | |
| dns-rr-mf-rdata (ANY) | Matches the rdata of an MF RR in a DNS request or response. | |
| dns-rr-mg-rdata (ANY) | Matches the rdata of an MG RR in a DNS request or response. | |
| dns-rr-minfo-rdata (ANY) | Matches the rdata of an MINFO RR in a DNS request or response. | |
| dns-rr-mr-rdata (ANY) | Matches the rdata of an MR RR in a DNS request or response. | |
| dns-rr-mx-rdata (ANY) | Matches the rdata of an MX RR in a DNS request or response. | |
| dns-rr-naptr-rdata (ANY) | Matches the rdata of a NAPTR RR in a DNS request or response. | |
| dns-rr-nimloc-rdata (ANY) | Matches the rdata of a NIMLOC RR in a DNS request or response. | |
| dns-rr-nsap-rdata (ANY) | Matches the rdata of an NSAP RR in a DNS request or response. | |
| dns-rr-ns-rdata (ANY) | Matches the rdata of an NS RR in a DNS request or response. | |
| dns-rr-nsapptr-rdata (ANY) | Matches the rdata of an NSAPPTR RR in a DNS request or response. | |
| dns-rr-nsec-rdata (ANY) | Matches the rdata of an NSEC RR in a DNS request or response. | |
| dns-rr-null-rdata (ANY) | Matches the rdata of a NULL RR in a DNS request or response. | |
| dns-rr-nxt-rdata (ANY) | Matches the rdata of an NXT RR in a DNS request or response. | |
| dns-rr-ptr-rdata (ANY) | Matches the rdata of a PTR RR in a DNS request or response. | |
| dns-rr-px-rdata (ANY) | Matches the rdata of a PX RR in a DNS request or response. | |
| dns-rr-rp-rdata (ANY) | Matches the rdata of an RP RR in a DNS request or response. | |
| dns-rr-rrsig-rdata (ANY) | Matches the rdata of an RRSIG RR in a DNS request or response. | |
| dns-rr-sig-rdata (ANY) | Matches the rdata of a SIG RR in a DNS request or response. | |
| dns-rr-soa-rdata (ANY) | Matches the rdata of an SOA RR in a DNS request or response. | |
| dns-rr-sshfp-data (ANY) | Matches the rdata of an SSHFP RR in a DNS request or response. | |
| dns-rr-tsip-rdata (ANY) | Matches the rdata of a TSIP RR in a DNS request or response. | |
| dns-rr-txt-rdata (ANY) | Matches the rdata of a TXT RR in a DNS request or response. | |
| dns-rr-type-rdata (ANY) | Matches the entire resource record in a DNS request or response, including the type and class. | |
| dns-rr-wks-rdata (ANY) | Matches the rdata of a WKS RR in a DNS request or response. | |
| dns-type-name (ANY) | Matches any name resource record in a DNS request or response. The first 2 bytes of the context contain the RFC-1035 type values. | |
| dns-update-header | Matches the header of a DNS UPDATE request or response. | |

Service Contexts: IKE
The table displays the security context details for IKE:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| ike-payload (ANY) | Matches the payload in an IKE transaction. | |

Service Contexts: Modbus
The table displays the security context details for Modbus:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| modbus-except-resp (STC) | Matches a Modbus Exception Response. | |
| modbus-request (CTS) | Matches a Modbus Request. | |
| modbus-response (STC) | Matches a Modbus Response. | |
| modbus-trailing-data (ANY) | Matches trailing data after the first MODBUS PDU. | |

Service Contexts: MSRPC
The table displays the security context details for MSRPC:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| msrpc-ans (STC) | Matches the response data in an MSRPC session. | |
| msrpc-call (CTS) | Matches the request data in an MSRPC session. | |
| msrpc-ifid-str (ANY) | Matches the interface ID string in an MSRPC session. | |
| msrpc-raw (ANY) | Matches raw data in an MSRPC session. | |

Service Contexts: NetBIOS
The table displays the security context details for NetBIOS:

| Context and Direction | Description | Display Name |
|---|---|---|
| nbds-browse-backup-server (ANY) | Matches the name of a backup server in a NetBIOS browse message. | NBDS Browse Backup Server |
| nbds-browse-server-name (ANY) | Matches the name of a server in a NetBIOS browse message. | NBDS Browse Server Name |
| nbds-destination-name (ANY) | Matches the destination name field in a NetBIOS message. | NBDS Destination Name |
| nbds-mailslot-name (ANY) | Matches the name of a mailslot in the NetBIOS mailslot message. | NBDS Mailslot Name |
| nbds-source-ip-address (ANY) | Matches the source IP field in the NetBIOS datagram header. | NBDS Source Ip Address |
| nbds-source-name (ANY) | Matches the source name field in a NetBIOS message. | NBDS Source Name |
| nbds-source-port (ANY) | Matches the source port fields in the NetBIOS datagram header. | NBDS Source Port |
| nbname-node-name (ANY) | Matches the node name in the status response message. | NBNAME Node Name |
| nbname-node-status (ANY) | Matches the statistics field of a node status response. | NBNAME Node Status |
| nbname-nsd-ip-address (ANY) | Matches the IP address of a NetBIOS name server specified in a redirect name query response message. | NBNAME Nsd IP Address |
| nbname-nsd-name (ANY) | Matches the name of a NetBIOS name server specified in a redirect name query response message. | NBNAME Nsd Name |
| nbname-resource-address (ANY) | Matches the IP address of a resource from the resource record. | NBNAME Resource Address |
| nbname-type-name (ANY) | Matches the type and name in a question or a resource record. | NBNAME Type Name |

Service Contexts: NTP
The table displays the security context details for NTP:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| ntp-ctrl-data-opt (ANY) | Matches the data field in an NTP control message. | |
| ntp-ctrl-opcode-response-var (ANY) | Matches each of the name and value pairs found in the NTP control message data field. The context includes a 1-byte NTP control message opcode and a 1-byte NTP response type. | |

Service Contexts: SNMP
The table displays the security context details for SNMP:

| Context and Direction | Description | Example of Contexts |
|---|---|---|
| snmp-community (ANY) | Matches the community name in any SNMP request or response. | |
| snmp-get-bulk-oid (CTS) | Matches the binary OID in any SNMP Get-Bulk request. | |
| snmp-get-bulk-oid-parsed (CTS) | Matches the human-readable OID in any SNMP Get-Bulk request. | |
| snmp-get-next-oid (CTS) | Matches the binary OID in any SNMP Get-Next request. | |
| snmp-get-next-oid-parsed (CTS) | Matches the human-readable OID in any SNMP Get-Next request. | |
| snmp-get-oid (CTS) | Matches the binary OID in any SNMP Get request. | |
| snmp-get-oid-parsed (CTS) | Matches the human-readable OID in any SNMP Get request. | |
| snmp-oid (ANY) | Matches the binary OID in any SNMP request or response. | |
| snmp-oid-parsed (ANY) | Matches the human-readable OID in any SNMP request or response. | |
| snmp-set-oid (CTS) | Matches the binary OID in any SNMP Set request. | |
| snmp-set-oid-parsed (CTS) | Matches the human-readable OID in any SNMP Set request. | |
| snmptrap-community (CTS) | Matches the community name in any SNMPTRAP message. | |
| snmptrap-eid (CTS) | Matches the binary EID (Enterprise-ID) in any SNMPTRAP message. | |
| snmptrap-eid-parsed (CTS) | Matches the human-readable EID (Enterprise-ID) in any SNMPTRAP message. | |
| snmptrap-inform-oid (CTS) | Matches the binary OID in any SNMPTRAP Inform message. | |
| snmptrap-inform-oid-parsed (CTS) | Matches the human-readable OID in any SNMPTRAP Inform message. | |
| snmptrap-oid (CTS) | Matches the binary OID in any SNMPTRAP message. | |
| snmptrap-oid-parsed (CTS) | Matches the human-readable OID in any SNMPTRAP message. | |
| snmptrap-v2-oid (CTS) | Matches the binary OID in any SNMPTRAP v2 message. | |
| snmptrap-v2-oid-parsed (CTS) | Matches the human-readable OID in any SNMPTRAP v2 message. | |