Zte ZXR10 8900 Series User Manual page 119

Parameter
portscan
<number5>
log
yes|no
action
pass|block
2. Modifying intrusion detection rule.
Command
ZXR10_FW.ips #dos rule modify ruleid
<string> stattype <synflood|udpflood|i
cmpflood|portscan|ipsweep> threshold
<number>[log <yes|no>][action
<pass|block>]
Parameter Description:
Parameter
modify
ruleid
<string>
stattype
synflood|udpflood|ic
mpflood|portscan|ip
sweep
threshold
<number>
3. Moving intrusion detection rule.
Confidential and Proprietary Information of ZTE CORPORATION
Chapter 8 Intrusion Prevention Configuration
Description
This sets the max IP packets containing
TCP SYN segment sent from the same one
source IP to multiple ports of destination IP
within the specified interval. When packet
number reaches this threshold, it believes
that ports are scanned for one time.
This is one number, ranging from 1 to
65535.
When attack event occurs, it sets whether
to record it into log.
yes: Record the event into log; no: Don't
record the event into log.
It sets whether to permit packets to pass
through.
pass: It indicates permitting packets to
pass through; block: It indicates denying
packets passing through.
Function
This modifies intrusion
detection rule.
Description
This modifies intrusion detection rule.
This sets ID of the rule to be modified. dos
rule show can be used to view id of each
rule.
This is an ID string.
This sets statistics type of rule to be
modified.
This is the statistics type. User can give
choice according to demands.
This sets threshold of statistics type.
This is one number, which is the threshold.
109