Configuring Network Security Configuring Network Security
OmniSwitch 6800/6850/9000 Network Configuration Guide March 2008 page 39-7
To configure the anomaly to be monitored, enter netsec group, the group name, anomaly, the anomaly
name, and the optional keywords shown in the table below:
For example, to enable or disable the anomaly parameter log of the monitoring-group “group1”, enter:
-> netsec group group1 anomaly arp-flood log enable
-> netsec group group1 anomaly arp-flood log disable
For example, to configure the anomaly parameter period of the monitoring-group “ad”, enter:
-> netsec group ad anomaly tcp-port-scan period 30
To reset to its default value, enter:
-> no netsec group ad anomaly tcp-port-scan period
tcp-port-scan
tcp-addr-scan
syn-flood
syn-failure
syn-ack-scan
fin-scan
fin-ack-diff
rst-count
Anomaly parameters Description
state Specifies the status of anomaly detection.
trap Sends a trap when an anomaly is detected.
log Logs detected anomalies.
quarantine Quarantines the port on which an anomaly is detected. If an anomaly
is detected, then the source port will be quarantined. The show
interfaces port command displays the quarantined ports and use
interfaces clear-violation-all command to clear the port violation.
count The number of packets that must be seen during the period to trigger
anomaly detection.
period The time duration to observe traffic pattern, in seconds.
sensitivity Sensitivity of anomaly detection to deviation from the expected traf-
fic pattern.
anomaly name
To Next Page
Loading...
