Network Security Commands
Defaults
parameter                      default
state enable | disable         disable
log enable | disable           disable
trap enable | disable          disable
quarantine enable | disable    disable
period seconds                 30
sensitivity num                50

Platforms Supported
OmniSwitch 6850, 6850E, 6855, 9000E

Usage Guidelines
• Use the no form of this command to reset to the default value.
• Use the parameter period to set the time to observe traffic on a port to detect anomalies. The accuracy and latency of the algorithm are proportional to the time period.
• Use the parameter count to configure the minimum traffic required to activate anomaly detection. Accuracy of detection is proportional to count.
• Use the parameter sensitivity to check anomaly sensitivity of deviation from the expected traffic pattern. Accuracy of detection is proportional to sensitivity.
• The following table lists the netsec anomaly command options for specifying anomalies:

anomaly name        count defaults
arp-addr-scan       50
arp-flood           90
arp-failure         6
icmp-addr-scan      30
icmp-flood          90
icmp-unreachable    20
tcp-port-scan       20
tcp-addr-scan       30
syn-flood           90
syn-failure         10
syn-ack-scan        2
fin-scan            6
fin-ack-diff        5
rst-count           50

OmniSwitch CLI Reference Guide    June 2012    page 38-5