ip anomaly-drop¶
Set IP anomaly drop policy
anomaly-drop Specification¶
Type
Configuration Resource
Element Name
anomaly-drop
Element URI
/axapi/v3/ip/anomaly-drop
Element Attributes
anomaly-drop_attributes
Statistics Data URI
/axapi/v3/ip/anomaly-drop/stats
Schema
Operations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ip/anomaly-drop | ||
Get Object | GET | /axapi/v3/ip/anomaly-drop | ||
Modify Object | POST | /axapi/v3/ip/anomaly-drop | ||
Replace Object | PUT | /axapi/v3/ip/anomaly-drop | ||
Delete Object | DELETE | /axapi/v3/ip/anomaly-drop |
anomaly-drop attributes¶
bad-content
Description bad content threshold (threshold value)
Type: number
Range: 1-127
drop-all
Description drop all IP anomaly packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
frag
Description drop all fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-option
Description drop packets with IP options
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
land-attack
Description drop IP packets with the same source and destination addresses
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-sequence
Description out of sequence packet threshold (threshold value)
Type: number
Range: 1-127
packet-deformity
Description: packet-deformity is a JSON Block. Please see below for packet-deformity
Type: Object
ping-of-death
Description drop oversize ICMP packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
security-attack
Description: security-attack is a JSON Block. Please see below for security-attack
Type: Object
tcp-no-flag
Description drop TCP packets with no flag
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-syn-fin
Description drop TCP packets with both syn and fin flags set
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-syn-frag
Description drop fragmented TCP packets with syn flag set
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zero-window
Description zero window size threshold (threshold value)
Type: number
Range: 1-127
security-attack¶
Specification
Type
object
security-attack-layer-3
Description drop packets with layer 3 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
security-attack-layer-4
Description drop packets with layer 4 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
packet-deformity¶
Specification
Type
object
packet-deformity-layer-3
Description drop packets with layer 3 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
packet-deformity-layer-4
Description drop packets with layer 4 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
stats data¶
Counter |
Size |
Description |
|
|---|---|---|---|
tcp_frg_hdr |
8 |
TCP Fragmented Header Drop |
|
tcp_null_frg |
8 |
TCP Null Flags Drop |
|
over_ip_payload |
8 |
Oversize IP Payload Drop |
|
udp_bad_csum |
8 |
UDP Bad Checksum Drop |
|
nvgre_err |
8 |
GRE Tunnel Error Drop |
|
tcp_syn_fin |
8 |
TCP Syn and Fin Drop |
|
udp_kerb_frg |
8 |
UDP Kerberos Fragment Drop |
|
tcp_syn_frg |
8 |
TCP Syn Fragment Drop |
|
tcp_bad_iplen |
8 |
TCP Bad IP Length Drop |
|
ipip_tnl_err |
8 |
IP-over-IP Tunnel Error Drop |
|
csum |
8 |
Bad IP Checksum Drop |
|
tcp_xmas |
8 |
TCP XMAS Flags Drop |
|
pod |
8 |
ICMP Ping of Death Drop |
|
tcp_bad_csum |
8 |
TCP Bad Checksum Drop |
|
emp_frg |
8 |
Empty Fragment Drop |
|
frg |
8 |
IPv4 Fragment Drop |
|
bad_ip_ttl |
8 |
Bad IP TTL Drop |
|
bad_ip_frg_offset |
8 |
Bad IP Fragment Offset Drop |
|
tcp_sht_hdr |
8 |
TCP Short Header Drop |
|
tcp_xmas_scan |
8 |
TCP XMAS Scan Drop |
|
no_ip_payload |
8 |
No IP Payload drop |
|
udp_bad_len |
8 |
UDP Bad Length Drop |
|
opt |
8 |
IPv4 Options Drop |
|
vxlan_err |
8 |
VXLAN Tunnel Error Drop |
|
bad_ip_payload_len |
8 |
Bad IP Payload Len Drop |
|
runt_ip_hdr |
8 |
Runt IP Header Drop |
|
runt_tcp_udp_hdr |
8 |
Runt TCP/UDP Header Drop |
|
emp_mic_frg |
8 |
Micro Fragment Drop |
|
bad_ip_hdrlen |
8 |
Bad IP Header Len Drop |
|
tcp_null_scan |
8 |
TCP Null Scan Drop |
|
land |
8 |
Land Attack Drop |
|
tcp_opt_err |
8 |
TCP Option Error Drop |
|
bad_ip_flg |
8 |
Bad IP Flags Drop |
|
udp_srt_hdr |
8 |
UDP Short Header Drop |
|
udp_port_lb |
8 |
UDP Port Loopback Drop |
|
bad_tcp_urg_offset |
8 |
TCP Bad Urgent Offset Drop |
|
gre_pptp_err |
8 |
GRE PPTP Error Drop |
|
ipip_tnl_msmtch |
8 |
IP-over-IP Tunnel Mismatch Drop |