Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual page 1131

Configuring Network Security
anomaly name
tcp-port-scan
tcp-addr-scan
syn-flood
syn-failure
syn-ack-scan
fin-scan
fin-ack-diff
rst-count
To configure the anomaly to be monitored, enter netsec group, the group name, anomaly, the anomaly
name, and the optional keywords shown in the table below:
Anomaly parameters Description
state
trap
log
quarantine
count
period
sensitivity
For example, to enable or disable the anomaly parameter log of the monitoring-group "group1", enter:
-> netsec group group1 anomaly arp-flood log enable
-> netsec group group1 anomaly arp-flood log disable
For example, to configure the anomaly parameter period of the monitoring-group "ad", enter:
-> netsec group ad anomaly tcp-port-scan period 30
To reset to its default value, enter:
-> no netsec group ad anomaly tcp-port-scan period
OmniSwitch AOS Release 6 Network Configuration Guide
Specifies the status of anomaly detection.
Sends a trap when an anomaly is detected.
Logs detected anomalies.
Quarantines the port on which an anomaly is detected. If an anomaly
is detected, then the source port will be quarantined. The
interfaces port command displays the quarantined ports and use
interfaces clear-violation-all
The number of packets that must be seen during the period to trigger
anomaly detection.
The time duration to observe traffic pattern, in seconds.
Sensitivity of anomaly detection to deviation from the expected traf-
fic pattern.
command to clear the port violation.
September 2009
Configuring Network Security
show
page 47-7