Chapter 20 IDP Commands
ZyWALL (ZLD) CLI Reference Guide
166
[no] scan-detection open-port {activate | log
[alert] | block}
Activates or deactivates open port scan
detection options. Also sets open port scan-
detection logs or alerts and blocking. no
deactivates open port scan detection, its logs,
alerts or blocking.
flood-detection block-period <1..3600> Sets for how many seconds the ZyWALL
blocks all packets from being sent to the victim
(destination) of a detected anomaly attack.
[no] flood-detection {tcp-flood | udp-flood |
ip-flood | icmp-flood} {activate | log
[alert] | block}
Activates or deactivates TCP, UDP, IP or ICMP
flood detection. Also sets flood detection logs
or alerts and blocking.
no deactivates flood
detection, its logs, alerts or blocking.
[no] http-inspection {http-xxx} activate Activates or deactivates http-inspection options
where http-xxx = {ascii-encoding | u-encoding |
bare-byte-unicode-encoding | base36-encoding
| utf-8-encoding | iis-unicode-codepoint-
encoding | multi-slash-encoding | iis-backslash-
evasion | self-directory-traversal | directory-
traversal | apache-whitespace | non-rfc-http-
delimiter | non-rfc-defined-char | oversize-
request-uri-directory | oversize-chunk-encoding
| webroot-directory-traversal}
http-inspection {http-xxx} log [alert] Sets http-inspection log or alert.
no http-inspection {http-xxx} log Deactivates http-inspection logs.
[no] http-inspection {http-xxx} action {drop
| reject-sender | reject-receiver | reject-
both}}
Sets http-inspection action
[no] tcp-decoder {tcp-xxx} activate Activates or deactivates tcp decoder options
where {tcp-xxx} = {undersize-len | undersize-
offset | oversize-offset | bad-length-options |
truncated-options | ttcp-detected | obsolete-
options | experimental-options}
tcp-decoder {tcp-xxx} log [alert] Sets tcp decoder log or alert options.
no tcp-decoder {tcp-xxx} log Deactivates tcp decoder log or alert options.
[no] tcp-decoder {tcp-xxx} action {drop |
reject-sender | reject-receiver | reject-
both}}
Sets tcp decoder action
[no] udp-decoder {truncated-header |
undersize-len | oversize-len} activate
Activates or deactivates udp decoder options
udp-decoder {truncated-header | undersize-len
| oversize-len} log [alert]
Sets udp decoder log or alert options.
no udp-decoder {truncated-header | undersize-
len | oversize-len} log
Deactivates udp decoder log options.
udp-decoder {truncated-header | undersize-len
| oversize-len} action {drop | reject-sender
| reject-receiver | reject-both}
Sets udp decoder action
no udp-decoder {truncated-header | undersize-
len | oversize-len} action
Deactivates udp decoder actions.
Table 90 Editing/Creating Anomaly Profiles (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
