ip anomaly-drop
Set IP anomaly drop policy
anomaly-drop Specification
Type: Configuration Resource
Element Name: anomaly-drop
Element URI: /axapi/v3/ip/anomaly-drop
Element Attributes: anomaly-drop_attributes
Statistics Data URI: /axapi/v3/ip/anomaly-drop/stats
Schema: anomaly-drop schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/ip/anomaly-drop |
Get Object | GET | /axapi/v3/ip/anomaly-drop |
Modify Object | POST | /axapi/v3/ip/anomaly-drop |
Replace Object | PUT | /axapi/v3/ip/anomaly-drop |
Delete Object | DELETE | /axapi/v3/ip/anomaly-drop |
anomaly-drop attributes
bad-content
Description: bad content threshold (threshold value)
Type: number
Range: 1-127
drop-all
Description: drop all IP anomaly packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
frag
Description: drop all fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-option
Description: drop packets with IP options
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
land-attack
Description: drop IP packets with the same source and destination addresses
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
out-of-sequence
Description: out of sequence packet threshold (threshold value)
Type: number
Range: 1-127
packet-deformity
Description: packet-deformity is a JSON Block. Please see below for packet-deformity
Type: Object
ping-of-death
Description: drop oversize ICMP packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Type: List
security-attack
Description: security-attack is a JSON Block. Please see below for security-attack
Type: Object
tcp-no-flag
Description: drop TCP packets with no flag
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-syn-fin
Description: drop TCP packets with both syn and fin flags set
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-syn-frag
Description: drop fragmented TCP packets with syn flag set
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description: uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
zero-window
Description: zero window size threshold (threshold value)
Type: number
Range: 1-127
security-attack
Specification
Type: object
security-attack-layer-3
Description: drop packets with layer 3 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
security-attack-layer-4
Description: drop packets with layer 4 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
packet-deformity
Specification
Type: object
packet-deformity-layer-3
Description: drop packets with layer 3 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
packet-deformity-layer-4
Description: drop packets with layer 4 anomaly
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sampling-enable
Specification
Type: list
Block object keys
counters1
Description ‘all’: all; ‘land’: Land Attack Drop; ‘emp_frg’: Empty Fragment Drop; ‘emp_mic_frg’: Micro Fragment Drop; ‘opt’: IPv4 Options Drop; ‘frg’: IPv4 Fragment Drop; ‘bad_ip_hdrlen’: Bad IP Header Len Drop; ‘bad_ip_flg’: Bad IP Flags Drop; ‘bad_ip_ttl’: Bad IP TTL Drop; ‘no_ip_payload’: No IP Payload drop; ‘over_ip_payload’: Oversize IP Payload Drop; ‘bad_ip_payload_len’: Bad IP Payload Len Drop; ‘bad_ip_frg_offset’: Bad IP Fragment Offset Drop; ‘csum’: Bad IP Checksum Drop; ‘pod’: ICMP Ping of Death Drop; ‘bad_tcp_urg_offset’: TCP Bad Urgent Offset Drop; ‘tcp_sht_hdr’: TCP Short Header Drop; ‘tcp_bad_iplen’: TCP Bad IP Length Drop; ‘tcp_null_frg’: TCP Null Flags Drop; ‘tcp_null_scan’: TCP Null Scan Drop; ‘tcp_syn_fin’: TCP Syn and Fin Drop; ‘tcp_xmas’: TCP XMAS Flags Drop; ‘tcp_xmas_scan’: TCP XMAS Scan Drop; ‘tcp_syn_frg’: TCP Syn Fragment Drop; ‘tcp_frg_hdr’: TCP Fragmented Header Drop; ‘tcp_bad_csum’: TCP Bad Checksum Drop; ‘udp_srt_hdr’: UDP Short Header Drop; ‘udp_bad_len’: UDP Bad Length Drop; ‘udp_kerb_frg’: UDP Kerberos Fragment Drop; ‘udp_port_lb’: UDP Port Loopback Drop; ‘udp_bad_csum’: UDP Bad Checksum Drop; ‘runt_ip_hdr’: Runt IP Header Drop; ‘runt_tcp_udp_hdr’: Runt TCP/UDP Header Drop; ‘ipip_tnl_msmtch’: IP-over-IP Tunnel Mismatch Drop; ‘tcp_opt_err’: TCP Option Error Drop; ‘ipip_tnl_err’: IP-over-IP Tunnel Error Drop; ‘vxlan_err’: VXLAN Tunnel Error Drop; ‘nvgre_err’: GRE Tunnel Error Drop; ‘gre_pptp_err’: GRE PPTP Error Drop;
Type: string
Supported Values: all, land, emp_frg, emp_mic_frg, opt, frg, bad_ip_hdrlen, bad_ip_flg, bad_ip_ttl, no_ip_payload, over_ip_payload, bad_ip_payload_len, bad_ip_frg_offset, csum, pod, bad_tcp_urg_offset, tcp_sht_hdr, tcp_bad_iplen, tcp_null_frg, tcp_null_scan, tcp_syn_fin, tcp_xmas, tcp_xmas_scan, tcp_syn_frg, tcp_frg_hdr, tcp_bad_csum, udp_srt_hdr, udp_bad_len, udp_kerb_frg, udp_port_lb, udp_bad_csum, runt_ip_hdr, runt_tcp_udp_hdr, ipip_tnl_msmtch, tcp_opt_err, ipip_tnl_err, vxlan_err, nvgre_err, gre_pptp_err
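
The attribute constraints listed above (boolean flags, 1-127 thresholds, and the two nested objects) can be checked before a policy is sent to /axapi/v3/ip/anomaly-drop. The following is an added example, not part of the A10 documentation; the function names are hypothetical, the `{"anomaly-drop": ...}` request envelope is an assumption, and sampling-enable and uuid are deliberately not handled.

```python
import json

# Schema transcribed from the attribute list on this page.
BOOL_KEYS = {"drop-all", "frag", "ip-option", "land-attack", "ping-of-death",
             "tcp-no-flag", "tcp-syn-fin", "tcp-syn-frag"}
THRESHOLD_KEYS = {"bad-content", "out-of-sequence", "zero-window"}  # Range: 1-127
NESTED_KEYS = {
    "security-attack": {"security-attack-layer-3", "security-attack-layer-4"},
    "packet-deformity": {"packet-deformity-layer-3", "packet-deformity-layer-4"},
}


def _as_flag(name, value):
    """Normalise a documented boolean (true, false, 1, 0) to 1 or 0."""
    if isinstance(value, bool) or (isinstance(value, int) and value in (0, 1)):
        return int(value)
    raise ValueError(f"{name}: expected true, false, 1 or 0, got {value!r}")


def build_anomaly_drop(settings):
    """Validate settings against the page's schema; return a JSON-ready dict."""
    body = {}
    for name, value in settings.items():
        if name in BOOL_KEYS:
            body[name] = _as_flag(name, value)
        elif name in THRESHOLD_KEYS:
            # bool is a subclass of int in Python, so reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int) or not 1 <= value <= 127:
                raise ValueError(f"{name}: threshold must be an integer in 1-127")
            body[name] = value
        elif name in NESTED_KEYS:
            unknown = set(value) - NESTED_KEYS[name]
            if unknown:
                raise ValueError(f"{name}: unknown keys {sorted(unknown)}")
            body[name] = {k: _as_flag(k, v) for k, v in value.items()}
        else:
            raise ValueError(f"unknown attribute {name!r}")
    # Assumption: the request body wraps the object under its element name.
    return {"anomaly-drop": body}


if __name__ == "__main__":
    # Constructed sample policy for illustration, not a recommended baseline.
    sample = {"land-attack": True, "ping-of-death": 1, "tcp-syn-fin": True,
              "zero-window": 10, "packet-deformity": {"packet-deformity-layer-3": 1}}
    print(json.dumps(build_anomaly_drop(sample), indent=2))
```

Rejecting unknown keys and out-of-range thresholds locally keeps a mistyped attribute from silently leaving an anomaly check at its default of 0.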
stats data
Counter | Size | Description
---|---|---
tcp_frg_hdr | 8 | TCP Fragmented Header Drop
tcp_null_frg | 8 | TCP Null Flags Drop
over_ip_payload | 8 | Oversize IP Payload Drop
udp_bad_csum | 8 | UDP Bad Checksum Drop
nvgre_err | 8 | GRE Tunnel Error Drop
tcp_syn_fin | 8 | TCP Syn and Fin Drop
udp_kerb_frg | 8 | UDP Kerberos Fragment Drop
tcp_syn_frg | 8 | TCP Syn Fragment Drop
tcp_bad_iplen | 8 | TCP Bad IP Length Drop
ipip_tnl_err | 8 | IP-over-IP Tunnel Error Drop
csum | 8 | Bad IP Checksum Drop
tcp_xmas | 8 | TCP XMAS Flags Drop
pod | 8 | ICMP Ping of Death Drop
tcp_bad_csum | 8 | TCP Bad Checksum Drop
emp_frg | 8 | Empty Fragment Drop
frg | 8 | IPv4 Fragment Drop
bad_ip_ttl | 8 | Bad IP TTL Drop
bad_ip_frg_offset | 8 | Bad IP Fragment Offset Drop
tcp_sht_hdr | 8 | TCP Short Header Drop
tcp_xmas_scan | 8 | TCP XMAS Scan Drop
no_ip_payload | 8 | No IP Payload drop
udp_bad_len | 8 | UDP Bad Length Drop
opt | 8 | IPv4 Options Drop
vxlan_err | 8 | VXLAN Tunnel Error Drop
bad_ip_payload_len | 8 | Bad IP Payload Len Drop
runt_ip_hdr | 8 | Runt IP Header Drop
runt_tcp_udp_hdr | 8 | Runt TCP/UDP Header Drop
emp_mic_frg | 8 | Micro Fragment Drop
bad_ip_hdrlen | 8 | Bad IP Header Len Drop
tcp_null_scan | 8 | TCP Null Scan Drop
land | 8 | Land Attack Drop
tcp_opt_err | 8 | TCP Option Error Drop
bad_ip_flg | 8 | Bad IP Flags Drop
udp_srt_hdr | 8 | UDP Short Header Drop
udp_port_lb | 8 | UDP Port Loopback Drop
bad_tcp_urg_offset | 8 | TCP Bad Urgent Offset Drop
gre_pptp_err | 8 | GRE PPTP Error Drop
ipip_tnl_msmtch | 8 | IP-over-IP Tunnel Mismatch Drop