User's Manual

Chapter 22 IDP Commands
NXC CLI Reference Guide
Table 83 Editing/Creating IDP Signature Profiles (continued)

COMMAND
    DESCRIPTION

signature sid action {drop | reject-sender | reject-receiver | reject-both}
    Sets an action for an IDP signature.

no signature sid action
    Deactivates an action for an IDP signature.

show idp profile signature sid details
    Shows signature ID details of the specified profile.

show idp profile signature {all | custom-signature} details
    Shows the signature details of the specified profile.

22.3.4 Editing/Creating Anomaly Profiles

Use these commands to create a new anomaly profile or edit an existing one. It is
recommended you use the web configurator to create/edit profiles. If you do not specify a base
profile, the default base profile is none.

You CANNOT change the base profile later!
Table 84 Editing/Creating Anomaly Profiles

COMMAND
    DESCRIPTION

idp anomaly newpro [base {all | none}]
    Creates a new IDP anomaly profile called newpro. newpro uses the base
    profile you specify. Enters sub-command mode. All the following commands
    relate to the new profile. Use exit to quit sub-command mode.

scan-detection sensitivity {low | medium | high}
    Sets scan-detection sensitivity.

no scan-detection sensitivity
    Clears scan-detection sensitivity. The default sensitivity is medium.

scan-detection block-period <1..3600>
    Sets for how many seconds the NXC blocks all packets from being sent to
    the victim (destination) of a detected anomaly attack.

[no] scan-detection {tcp-xxx} {activate | log [alert] | block}
    Activates TCP scan detection options where {tcp-xxx} = {tcp-portscan |
    tcp-decoy-portscan | tcp-portsweep | tcp-distributed-portscan |
    tcp-filtered-portscan | tcp-filtered-decoy-portscan |
    tcp-filtered-distributed-portscan | tcp-filtered-portsweep}. Also sets
    TCP scan-detection logs or alerts and blocking. no deactivates TCP scan
    detection, its logs, alerts or blocking.

[no] scan-detection {udp-xxx} {activate | log [alert] | block}
    Activates or deactivates UDP scan detection options where {udp-xxx} =
    {udp-portscan | udp-decoy-portscan | udp-portsweep |
    udp-distributed-portscan | udp-filtered-portscan |
    udp-filtered-decoy-portscan | udp-filtered-distributed-portscan |
    udp-filtered-portsweep}. Also sets UDP scan-detection logs or alerts and
    blocking. no deactivates UDP scan detection, its logs, alerts or blocking.
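
A sample command sequence built from Table 84, added here as an illustration and not taken from the manual. Since the syntax offers activate, log [alert] and block as alternatives, detection, logging with alerts, and blocking are each entered as a separate command for a given scan type. Assumptions: the CLI is already in the mode that accepts idp commands, the profile keeps the table's name newpro, and the sensitivity, the 600-second block period and the two scan types are arbitrary choices.

```text
idp anomaly newpro base none
scan-detection sensitivity high
scan-detection block-period 600
scan-detection tcp-portscan activate
scan-detection tcp-portscan log alert
scan-detection tcp-portscan block
scan-detection udp-portscan activate
scan-detection udp-portscan log
exit
```

Starting from base none means only the scan types listed here are configured in the profile, and the base cannot be switched to all afterwards.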