User's Manual

Chapter 22 IDP Commands
NXC CLI Reference Guide
Table 84 Editing/Creating Anomaly Profiles (continued)

COMMAND
    DESCRIPTION

[no] scan-detection {ip-xxx} {activate | log [alert] | block}
    Activates or deactivates IP scan detection options where {ip-xxx} = {ip-protocol-scan | ip-decoy-protocol-scan | ip-protocol-sweep | ip-distributed-protocol-scan | ip-filtered-protocol-scan | ip-filtered-decoy-protocol-scan | ip-filtered-distributed-protocol-scan | ip-filtered-protocol-sweep}. Also sets IP scan-detection logs or alerts and blocking. The "no" form deactivates IP scan detection, its logs, alerts or blocking.

[no] scan-detection {icmp-sweep | icmp-filtered-sweep} {activate | log [alert] | block}
    Activates or deactivates ICMP scan detection options. Also sets ICMP scan-detection logs or alerts and blocking. The "no" form deactivates ICMP scan detection, its logs, alerts or blocking.

[no] scan-detection open-port {activate | log [alert] | block}
    Activates or deactivates open port scan detection options. Also sets open port scan-detection logs or alerts and blocking. The "no" form deactivates open port scan detection, its logs, alerts or blocking.

flood-detection block-period <1..3600>
    Sets how many seconds the NXC blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] flood-detection {tcp-flood | udp-flood | ip-flood | icmp-flood} {activate | log [alert] | block}
    Activates or deactivates TCP, UDP, IP or ICMP flood detection. Also sets flood detection logs or alerts and blocking. The "no" form deactivates flood detection, its logs, alerts or blocking.

[no] http-inspection {http-xxx} activate
    Activates or deactivates http-inspection options where {http-xxx} = {ascii-encoding | u-encoding | bare-byte-unicode-encoding | base36-encoding | utf-8-encoding | iis-unicode-codepoint-encoding | multi-slash-encoding | iis-backslash-evasion | self-directory-traversal | directory-traversal | apache-whitespace | non-rfc-http-delimiter | non-rfc-defined-char | oversize-request-uri-directory | oversize-chunk-encoding | webroot-directory-traversal}.

http-inspection {http-xxx} log [alert]
    Sets http-inspection log or alert.

no http-inspection {http-xxx} log
    Deactivates http-inspection logs.

[no] http-inspection {http-xxx} action {drop | reject-sender | reject-receiver | reject-both}
    Sets http-inspection action.

[no] tcp-decoder {tcp-xxx} activate
    Activates or deactivates tcp decoder options where {tcp-xxx} = {undersize-len | undersize-offset | oversize-offset | bad-length-options | truncated-options | ttcp-detected | obsolete-options | experimental-options}.

tcp-decoder {tcp-xxx} log [alert]
    Sets tcp decoder log or alert options.

no tcp-decoder {tcp-xxx} log
    Deactivates tcp decoder log or alert options.

[no] tcp-decoder {tcp-xxx} action {drop | reject-sender | reject-receiver | reject-both}
    Sets tcp decoder action.

[no] udp-decoder {truncated-header | undersize-len | oversize-len} activate
    Activates or deactivates udp decoder options.
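
An added example (not from the manual): a Python audit that replays anomaly-profile command lines using the syntax in this table and flags rules that are activated without any log or block/action, or that have a log or action set but are never activated. The sample lines are constructed, rule names are not checked against the table's lists, and treating "no ... log" as clearing both the log and the alert is an assumption.

```python
import re

# Syntax from the table: [no] <family> <rule> {activate | log [alert] | block | action <act>}
LINE = re.compile(
    r"^(?P<no>no )?(?P<family>scan-detection|flood-detection|http-inspection|tcp-decoder)"
    r" (?P<rule>[a-z0-9-]+) (?P<verb>activate|log|block|action)(?: (?P<arg>[a-z-]+))?$")
ACTIONS = {"drop", "reject-sender", "reject-receiver", "reject-both"}
DEFAULT = {"active": False, "log": False, "alert": False, "enforce": None}

def parse_profile(lines):
    """Replay command lines in order; return (rule states, rejected lines)."""
    rules, rejected = {}, []
    for line in (" ".join(raw.split()) for raw in lines):
        m = LINE.match(line)
        if not m:
            rejected.append(line)
            continue
        on, verb, arg = not m["no"], m["verb"], m["arg"]
        st = dict(rules.get((m["family"], m["rule"]), DEFAULT))
        if verb == "activate" and arg is None:
            st["active"] = on
        elif verb == "log" and arg in (None, "alert"):
            # Assumption: "no ... log" clears both the log and the alert flag.
            st["log"], st["alert"] = on, on and arg == "alert"
        elif verb == "block" and arg is None and m["family"].endswith("-detection"):
            st["enforce"] = "block" if on else None
        elif verb == "action" and arg in ACTIONS and not m["family"].endswith("-detection"):
            st["enforce"] = arg if on else None
        else:
            rejected.append(line)  # e.g. "block" on http-inspection, or an unknown action
            continue
        rules[(m["family"], m["rule"])] = st
    return rules, rejected

def audit(rules):
    """Flag rules that are active but silent, or configured but never activated."""
    findings = []
    for (family, rule), st in sorted(rules.items()):
        if st["active"] and not st["log"] and st["enforce"] is None:
            findings.append((f"{family} {rule}", "active, but not logged or enforced"))
        elif not st["active"] and (st["log"] or st["enforce"]):
            findings.append((f"{family} {rule}", "log/action set, but not activated"))
    return findings
# Constructed sample profile (not from the manual).
SAMPLE = """flood-detection tcp-flood activate
flood-detection tcp-flood log alert
scan-detection open-port activate
http-inspection directory-traversal action drop
http-inspection directory-traversal block""".splitlines()
```

Calling `audit(parse_profile(SAMPLE)[0])` reports the open-port rule as active but silent and the directory-traversal rule as configured but not activated; the last sample line is rejected because the table gives `block` only for scan and flood detection.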