Chapter 12 – Hardware Acceleration

config fp-anomaly-v4

Configure how the NP6 processor does IPv4 traffic anomaly protection. You can configure the NP6 processor to allow or drop the packets associated with an attack or forward the packets that are associated with the attack to FortiOS (called “trap-to-host”). Selecting “trap-to-host” turns off NP6 anomaly protection for that anomaly. If you require anomaly protection you can enable it with a DoS policy.

Command                                          Description                                                                       Default

icmp-frag {allow | drop | trap-to-host}          Detects Layer 3 fragmented packets that could be part of layer 4 ICMP anomalies.  allow
icmp-land {allow | drop | trap-to-host}          Detects ICMP land anomalies.                                                      trap-to-host
ipv4-land {allow | drop | trap-to-host}          Detects IPv4 land anomalies.                                                      trap-to-host
ipv4-optlsrr {allow | drop | trap-to-host}       Detects IPv4 with loose source record route option anomalies.                     trap-to-host
ipv4-optrr {allow | drop | trap-to-host}         Detects IPv4 with record route option anomalies.                                  trap-to-host
ipv4-optsecurity {allow | drop | trap-to-host}   Detects security option anomalies.                                                trap-to-host
ipv4-optssrr {allow | drop | trap-to-host}       Detects IPv4 with strict source record route option anomalies.                    trap-to-host
ipv4-optstream {allow | drop | trap-to-host}     Detects stream option anomalies.                                                  trap-to-host
ipv4-opttimestamp {allow | drop | trap-to-host}  Detects timestamp option anomalies.                                               trap-to-host
ipv4-proto-err {allow | drop | trap-to-host}     Detects invalid layer 4 protocol anomalies.                                       trap-to-host
ipv4-unknopt {allow | drop | trap-to-host}       Detects unknown option anomalies.                                                 trap-to-host
tcp-land {allow | drop | trap-to-host}           Detects TCP land anomalies.                                                       trap-to-host
tcp-syn-fin {allow | drop | trap-to-host}        Detects TCP SYN flood SYN/FIN flag set anomalies.                                 allow
tcp-winnuke {allow | drop | trap-to-host}        Detects TCP WinNuke anomalies.                                                    trap-to-host
tcp_fin_noack {allow | drop | trap-to-host}      Detects TCP SYN flood with FIN flag set without ACK setting anomalies.            trap-to-host
tcp_fin_only {allow | drop | trap-to-host}       Detects TCP SYN flood with only FIN flag set anomalies.                           trap-to-host
tcp_no_flag {allow | drop | trap-to-host}        Detects TCP SYN flood with no flag set anomalies.                                 allow
tcp_syn_data {allow | drop | trap-to-host}       Detects TCP SYN flood packets with data anomalies.                                allow
udp-land {allow | drop | trap-to-host}           Detects UDP land anomalies.                                                       trap-to-host
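The following audit script is an added example, not part of the original guide or of FortiOS. It reads a saved configuration, fills in the defaults from the table above for any option that is not set, and lists the anomalies that nothing stops. It inspects only the first config fp-anomaly-v4 block; the dos_policy_present flag, the function names and the sample configuration (including the processor name np6_0) are assumptions made for the example.

```python
import re

# Defaults from the table above: four options default to allow, the rest to trap-to-host.
ALLOW_BY_DEFAULT = {"icmp-frag", "tcp-syn-fin", "tcp_no_flag", "tcp_syn_data"}
TRAP_BY_DEFAULT = {
    "icmp-land", "ipv4-land", "ipv4-optlsrr", "ipv4-optrr", "ipv4-optsecurity",
    "ipv4-optssrr", "ipv4-optstream", "ipv4-opttimestamp", "ipv4-proto-err",
    "ipv4-unknopt", "tcp-land", "tcp-winnuke", "tcp_fin_noack", "tcp_fin_only", "udp-land",
}
DEFAULTS = {**dict.fromkeys(TRAP_BY_DEFAULT, "trap-to-host"),
            **dict.fromkeys(ALLOW_BY_DEFAULT, "allow")}

def effective_settings(config_text):
    """Return {option: action} for the first fp-anomaly-v4 block; unset options keep defaults."""
    settings, in_block = dict(DEFAULTS), False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config fp-anomaly-v4":
            in_block = True
        elif in_block and line == "end":
            break
        elif in_block:
            m = re.fullmatch(r"set (\S+) (allow|drop|trap-to-host)", line)
            if m and m.group(1) in DEFAULTS:
                settings[m.group(1)] = m.group(2)
    return settings

def audit(config_text, dos_policy_present):
    """List options whose anomaly traffic is stopped neither by the NP6 nor by a DoS policy."""
    findings = []
    for opt, action in sorted(effective_settings(config_text).items()):
        if action == "allow":
            findings.append((opt, "allowed by NP6"))
        elif action == "trap-to-host" and not dos_policy_present:
            findings.append((opt, "trapped to host, no DoS policy"))
    return findings

# Constructed sample: a saved configuration fragment, not output from a real device.
SAMPLE = """config system np6
    edit "np6_0"
        config fp-anomaly-v4
            set tcp-syn-fin drop
            set tcp_no_flag drop
            set udp-land drop
        end
    next
end
"""

print(audit(SAMPLE, dos_policy_present=True))
```

With no DoS policy on the interface, every option still at trap-to-host is reported as well, because the NP6 no longer protects against that anomaly once it is trapped to the host.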

 
