
ZyXEL Communications ZYWALL USG CLI - Editing/Creating Anomaly Profiles

Chapter 20 IDP Commands
ZyWALL (ZLD) CLI Reference Guide
20.3.4 Editing/Creating Anomaly Profiles
Use these commands to create a new anomaly profile or edit an existing one. It is
recommended that you use the web configurator to create/edit profiles. If you do not
specify a base profile, the default base profile is none.
Note: You CANNOT change the base profile later!
Table 90 Editing/Creating Anomaly Profiles
COMMAND
    DESCRIPTION

idp anomaly newpro [base {all | none}]
    Creates a new IDP anomaly profile called newpro. newpro uses the base profile you specify. Enters sub-command mode. All the following commands relate to the new profile. Use exit to quit sub-command mode.

scan-detection sensitivity {low | medium | high}
    Sets scan-detection sensitivity.

no scan-detection sensitivity
    Clears scan-detection sensitivity. The default sensitivity is medium.

scan-detection block-period <1..3600>
    Sets for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] scan-detection {tcp-xxx} {activate | log [alert] | block}
    Activates TCP scan detection options where {tcp-xxx} = {tcp-portscan | tcp-decoy-portscan | tcp-portsweep | tcp-distributed-portscan | tcp-filtered-portscan | tcp-filtered-decoy-portscan | tcp-filtered-distributed-portscan | tcp-filtered-portsweep}. Also sets TCP scan-detection logs or alerts and blocking. no deactivates TCP scan detection, its logs, alerts or blocking.

[no] scan-detection {udp-xxx} {activate | log [alert] | block}
    Activates or deactivates UDP scan detection options where {udp-xxx} = {udp-portscan | udp-decoy-portscan | udp-portsweep | udp-distributed-portscan | udp-filtered-portscan | udp-filtered-decoy-portscan | udp-filtered-distributed-portscan | udp-filtered-portsweep}. Also sets UDP scan-detection logs or alerts and blocking. no deactivates UDP scan detection, its logs, alerts or blocking.

[no] scan-detection {ip-xxx} {activate | log [alert] | block}
    Activates or deactivates IP scan detection options where {ip-xxx} = {ip-protocol-scan | ip-decoy-protocol-scan | ip-protocol-sweep | ip-distributed-protocol-scan | ip-filtered-protocol-scan | ip-filtered-decoy-protocol-scan | ip-filtered-distributed-protocol-scan | ip-filtered-protocol-sweep}. Also sets IP scan-detection logs or alerts and blocking. no deactivates IP scan detection, its logs, alerts or blocking.

[no] scan-detection {icmp-sweep | icmp-filtered-sweep} {activate | log [alert] | block}
    Activates or deactivates ICMP scan detection options. Also sets ICMP scan-detection logs or alerts and blocking. no deactivates ICMP scan detection, its logs, alerts or blocking.
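
An added example, not part of the ZyXEL guide: a small Python linter that checks a profile script against the syntax printed in Table 90 before it is pasted into the CLI, and flags a profile line with no base because the base cannot be changed later. The names lint, KINDS, OPTIONS, ACTIONS and SAMPLE are hypothetical, the sample script is constructed, and the check covers syntax only, assuming one command per line.

```python
import re
# Option names and ranges as printed in Table 90 (ip-* mirrors the port names).
KINDS = ("portscan", "decoy-portscan", "portsweep", "distributed-portscan",
         "filtered-portscan", "filtered-decoy-portscan",
         "filtered-distributed-portscan", "filtered-portsweep")
OPTIONS = {f"{p}-{k}" for p in ("tcp", "udp") for k in KINDS}
OPTIONS |= {"ip-" + k.replace("port", "protocol-") for k in KINDS}
OPTIONS |= {"icmp-sweep", "icmp-filtered-sweep"}
ACTIONS = {"activate", "log", "log alert", "block"}

def lint(script):
    """Return (line_number, message) findings for a profile script."""
    findings = []
    for n, raw in enumerate(script.splitlines(), 1):
        words = raw.split()
        if not words or words == ["exit"]:
            continue
        line = " ".join(words)
        if words[:2] == ["idp", "anomaly"]:
            if not re.fullmatch(r"idp anomaly \S+( base (all|none))?", line):
                findings.append((n, "malformed profile line"))
            elif len(words) == 3:
                findings.append((n, "no base given: it defaults to none "
                                    "and cannot be changed later"))
            continue
        negated = words[0] == "no"
        args = words[1:] if negated else words
        key = args[1] if args[:1] == ["scan-detection"] and len(args) > 1 else ""
        rest = " ".join(args[2:])
        if key == "sensitivity":
            ok = rest == "" if negated else rest in ("low", "medium", "high")
        elif key == "block-period":
            ok = (not negated and rest.isascii() and rest.isdigit()
                  and 1 <= int(rest) <= 3600)
        else:
            ok = key in OPTIONS and rest in ACTIONS
        if not ok:
            findings.append((n, f"not valid per Table 90: {line}"))
    return findings

# Constructed sample script, not taken from the manual.
SAMPLE = """idp anomaly newpro
scan-detection block-period 7200
scan-detection tcp-portscan log alert
scan-detection udp-portscann block
no scan-detection icmp-sweep block
exit"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

On the sample it reports the missing base on line 1, the out-of-range block period on line 2 and the misspelled option on line 4.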
