ZyXEL Communications 3.1 Security Camera User Manual


 
Chapter 22 IDP Commands
ZyWALL (ZLD) CLI Reference Guide
Note: You CANNOT change the base profile later!
Table 103 Editing/Creating Anomaly Profiles
COMMAND
    DESCRIPTION

idp anomaly newpro [base {all | none}]
    Creates a new IDP anomaly profile called newpro. newpro uses the base profile you specify. Enters sub-command mode. All the following commands relate to the new profile. Use exit to quit sub-command mode.

scan-detection sensitivity {low | medium | high}
    Sets scan-detection sensitivity.

no scan-detection sensitivity
    Clears scan-detection sensitivity. The default sensitivity is medium.

scan-detection block-period <1..3600>
    Sets for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] scan-detection {tcp-xxx} {activate | log [alert] | block}
    Activates TCP scan detection options where {tcp-xxx} = {tcp-portscan | tcp-decoy-portscan | tcp-portsweep | tcp-distributed-portscan | tcp-filtered-portscan | tcp-filtered-decoy-portscan | tcp-filtered-distributed-portscan | tcp-filtered-portsweep}. Also sets TCP scan-detection logs or alerts and blocking. no deactivates TCP scan detection, its logs, alerts or blocking.

[no] scan-detection {udp-xxx} {activate | log [alert] | block}
    Activates or deactivates UDP scan detection options where {udp-xxx} = {udp-portscan | udp-decoy-portscan | udp-portsweep | udp-distributed-portscan | udp-filtered-portscan | udp-filtered-decoy-portscan | udp-filtered-distributed-portscan | udp-filtered-portsweep}. Also sets UDP scan-detection logs or alerts and blocking. no deactivates UDP scan detection, its logs, alerts or blocking.

[no] scan-detection {ip-xxx} {activate | log [alert] | block}
    Activates or deactivates IP scan detection options where {ip-xxx} = {ip-protocol-scan | ip-decoy-protocol-scan | ip-protocol-sweep | ip-distributed-protocol-scan | ip-filtered-protocol-scan | ip-filtered-decoy-protocol-scan | ip-filtered-distributed-protocol-scan | ip-filtered-protocol-sweep}. Also sets IP scan-detection logs or alerts and blocking. no deactivates IP scan detection, its logs, alerts or blocking.

[no] scan-detection {icmp-sweep | icmp-filtered-sweep} {activate | log [alert] | block}
    Activates or deactivates ICMP scan detection options. Also sets ICMP scan-detection logs or alerts and blocking. no deactivates ICMP scan detection, its logs, alerts or blocking.

[no] scan-detection open-port {activate | log [alert] | block}
    Activates or deactivates open port scan detection options. Also sets open port scan-detection logs or alerts and blocking. no deactivates open port scan detection, its logs, alerts or blocking.

flood-detection block-period <1..3600>
    Sets for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] flood-detection {tcp-flood | udp-flood | ip-flood | icmp-flood} {activate | log [alert] | block}
    Activates or deactivates TCP, UDP, IP or ICMP flood detection. Also sets flood detection logs or alerts and blocking. no deactivates flood detection, its logs, alerts or blocking.
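
An added example, not part of the ZyXEL guide: a small Python checker that validates a drafted anomaly-profile command list against the syntax in Table 103 before it is typed into the CLI. The function names, the sample script and the invalid option syn-flood are constructed for illustration.

```python
# Option names and actions transcribed from Table 103.
_PORT = ["portscan", "decoy-portscan", "portsweep", "distributed-portscan",
         "filtered-portscan", "filtered-decoy-portscan",
         "filtered-distributed-portscan", "filtered-portsweep"]
SCAN = {f"{p}-{s}" for p in ("tcp", "udp") for s in _PORT}
# The ip-xxx names are the same list with "port" replaced by "protocol-".
SCAN |= {"ip-" + s.replace("port", "protocol-") for s in _PORT}
SCAN |= {"icmp-sweep", "icmp-filtered-sweep", "open-port"}
FLOOD = {"tcp-flood", "udp-flood", "ip-flood", "icmp-flood"}
ACTIONS = {("activate",), ("log",), ("log", "alert"), ("block",)}

def check_line(line):
    """Return None if the line fits Table 103's syntax, else a reason string."""
    tok = line.split()
    if tok in ([], ["exit"]):  # blank lines and exit are always accepted
        return None
    if tok[:2] == ["idp", "anomaly"]:
        ok = len(tok) == 3 or (len(tok) == 5 and tok[3] == "base"
                               and tok[4] in ("all", "none"))
        return None if ok else "expected: idp anomaly <name> [base {all | none}]"
    negated = tok[0] == "no"
    tok = tok[1:] if negated else tok
    if len(tok) < 2 or tok[0] not in ("scan-detection", "flood-detection"):
        return "unknown command"
    family, key, args = tok[0], tok[1], tok[2:]
    if family == "scan-detection" and key == "sensitivity":
        ok = not args if negated else args in (["low"], ["medium"], ["high"])
        return None if ok else "sensitivity must be low, medium or high"
    if key == "block-period":  # the table lists no "no" form for block-period
        ok = (not negated and len(args) == 1 and args[0].isascii()
              and args[0].isdigit() and 1 <= int(args[0]) <= 3600)
        return None if ok else "block-period must be a value in 1..3600"
    if key not in (SCAN if family == "scan-detection" else FLOOD):
        return f"unknown {family} option: {key}"
    return None if tuple(args) in ACTIONS else "action must be activate, log [alert] or block"

def validate(script):
    """Return [(line_number, reason)] for each line that fails check_line."""
    checked = ((n, check_line(l)) for n, l in enumerate(script.splitlines(), 1))
    return [(n, why) for n, why in checked if why]

# Constructed sample profile; lines 3 and 4 are deliberately invalid
# (7200 is outside <1..3600>, and syn-flood is not a Table 103 option).
SAMPLE = """idp anomaly newpro base none
scan-detection tcp-portscan log alert
flood-detection block-period 7200
flood-detection syn-flood block
no scan-detection open-port log"""
```

Calling validate(SAMPLE) returns the line numbers and reasons for the two invalid lines; an empty list means every line matches a row of the table.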