Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 140


126

ServerIron ADX Security Guide

53-1002440-03

DDoS protection

5

lt      less-than
lteq    less-than-or-equals
neq     not-equals

A configured generic rule must be bound to a filter to take effect.

ServerIronADX(config)# security filter filter1

ServerIronADX(config-sec-filter1)# rule generic gen1 drop

Syntax: {no} rule generic <generic-rule-name> [log | no-log] [drop | no-drop]

The <generic-rule-name> variable is the name of the previously defined generic rule that
you want to bind to a filter.

The log parameter directs the ServerIron ADX to log traffic on the bound interface that matches the
generic rule specified by the configured <generic-rule-name>. The no-log parameter disables
this function.

The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the generic rule specified by the configured <generic-rule-name>. The no-drop parameter
disables this function.
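The following Python audit is an added example, not part of the Brocade manual. It parses the binding commands shown above and reports generic rules that are defined but unbound, or bound without drop or log explicitly enabled. The sample configuration, the rule names gen2 and gen3, and the treatment of a "no" prefix as an unbind are assumptions; the page does not state what applies when an option is omitted, so such cases are reported as "not explicitly enabled".

```python
import re

# Binding syntax from the page: {no} rule generic <name> [log | no-log] [drop | no-drop]
RULE_RE = re.compile(r"^(no\s+)?rule\s+generic\s+(\S+)((?:\s+(?:log|no-log|drop|no-drop))*)\s*$")
FILTER_RE = re.compile(r"^security\s+filter\s+(\S+)\s*$")
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips the CLI prompt if present

# Constructed sample input; gen2, gen3 and filter2 are hypothetical names.
SAMPLE = """\
ServerIronADX(config)# security filter filter1
ServerIronADX(config-sec-filter1)# rule generic gen1 drop
ServerIronADX(config)# security filter filter2
ServerIronADX(config-sec-filter2)# rule generic gen2 log no-drop
"""

def parse_bindings(text):
    """Return {filter: {rule: {"log": True/False/None, "drop": True/False/None}}}."""
    bindings, current = {}, None
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        m = FILTER_RE.match(line)
        if m:
            current = m.group(1)
            bindings.setdefault(current, {})
            continue
        m = RULE_RE.match(line)
        if not m or current is None:
            continue
        negated, name, opts = m.groups()
        if negated:  # assumption: the "no" form removes the binding
            bindings[current].pop(name, None)
            continue
        state = {"log": None, "drop": None}  # None = option not given on the line
        for opt in opts.split():
            state[opt[3:] if opt.startswith("no-") else opt] = not opt.startswith("no-")
        bindings[current][name] = state
    return bindings

def audit(text, defined_rules):
    """List generic rules that are unbound or not explicitly dropping/logging."""
    bindings = parse_bindings(text)
    bound = {rule for rules in bindings.values() for rule in rules}
    findings = [f"{r}: defined but not bound to any filter (no effect)"
                for r in sorted(set(defined_rules) - bound)]
    for flt, rules in bindings.items():
        for rule, state in rules.items():
            for action in ("drop", "log"):
                if state[action] is not True:
                    findings.append(f"{flt}/{rule}: {action} not explicitly enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ["gen1", "gen2", "gen3"])))
```

The list of defined rule names is passed in by the caller because the generic rule definition syntax is not shown on this page.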

Table 13 describes some attack types that require a generic rule.

TABLE 12   Common attack types that require a generic rule

Attack Type             Description

Information tunneling   Attacker attempts to pass information in and out of the network incognito.
                        Packets appear to be performing one function. In reality, they are performing
                        another function. For example, a remote user may be engaged in a root shell
                        session on a protected host, but all transmissions appear to be ICMP echo
                        requests and replies.
                        Use security generic to handle this attack type.

Well Known Attacks      There are many documented attacks that can be identified by using a
                        pattern, also known as a signature.
                        Use security generic for this attack type. It provides you the flexibility of
                        locating attacks having a pattern.
