Brocade Communications Systems ServerIron ADX 12.4.00a Security Manual page 140

5
DDoS protection
lt
lteq
neq
The configured generic rule will have to be bound to a filter, to take effect.
ServerIronADX(config)# security filter filter1
ServerIronADX(config-sec-filter1)# rule generic gen1 drop
Syntax: {no} rule generic <generic-rule-name> [log | no-log] [drop | no-drop]
The <generic-rule-name> variable is the name of the preciously defined generic rule that
you want to bind to a filter:
The log parameter directs the ServerIron ADX to log traffic on the bound interface that matches the
generic rule specified by the configured <generic-rule-name>. The no-log parameter disables
this function.
The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the generic rule specified by the configured <generic-rule-name>. The no-drop parameter
disables this function.
Table 13 describes some attack types that require a generic rule.
TABLE 12
Attack Type
Information tunneling
Well Known Attacks
126
less-than
less-than-or-equals
not-equals
Common attack types that require a generic rule
Description
Attacker attempts to pass information in and out of the network incognito.
Packets appear to be performing one function. In reality, they are performing
another function. For example, a remote user may be engaged in a root shell
session on a protected host, but all transmissions appear to be ICMP echo
requests and replies.
Use security generic to handle this attack type.
There are many documented attacks that can be identified by using a
pattern, also known as a signature.
Use security generic for this attack type. It provides you the flexibility of
locating attacks having a pattern.
ServerIron ADX Security Guide
53-1002440-03