ZyXEL Communications 3.1 User Manual

 Chapter 22 IDP Commands
ZyWALL (ZLD) CLI Reference Guide
Note: You CANNOT change the base profile later!
Table 103   Editing/Creating Anomaly Profiles

COMMAND
    DESCRIPTION

idp anomaly newpro [base {all | none}]
    Creates a new IDP anomaly profile called newpro. newpro uses the base profile you specify. Enters sub-command mode. All the following commands relate to the new profile. Use exit to quit sub-command mode.

scan-detection sensitivity {low | medium | high}
    Sets scan-detection sensitivity.

no scan-detection sensitivity
    Clears scan-detection sensitivity. The default sensitivity is medium.

scan-detection block-period <1..3600>
    Sets for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] scan-detection {tcp-xxx} {activate | log [alert] | block}
    Activates TCP scan detection options where {tcp-xxx} = {tcp-portscan | tcp-decoy-portscan | tcp-portsweep | tcp-distributed-portscan | tcp-filtered-portscan | tcp-filtered-decoy-portscan | tcp-filtered-distributed-portscan | tcp-filtered-portsweep}. Also sets TCP scan-detection logs or alerts and blocking. no deactivates TCP scan detection, its logs, alerts or blocking.

[no] scan-detection {udp-xxx} {activate | log [alert] | block}
    Activates or deactivates UDP scan detection options where {udp-xxx} = {udp-portscan | udp-decoy-portscan | udp-portsweep | udp-distributed-portscan | udp-filtered-portscan | udp-filtered-decoy-portscan | udp-filtered-distributed-portscan | udp-filtered-portsweep}. Also sets UDP scan-detection logs or alerts and blocking. no deactivates UDP scan detection, its logs, alerts or blocking.

[no] scan-detection {ip-xxx} {activate | log [alert] | block}
    Activates or deactivates IP scan detection options where {ip-xxx} = {ip-protocol-scan | ip-decoy-protocol-scan | ip-protocol-sweep | ip-distributed-protocol-scan | ip-filtered-protocol-scan | ip-filtered-decoy-protocol-scan | ip-filtered-distributed-protocol-scan | ip-filtered-protocol-sweep}. Also sets IP scan-detection logs or alerts and blocking. no deactivates IP scan detection, its logs, alerts or blocking.

[no] scan-detection {icmp-sweep | icmp-filtered-sweep} {activate | log [alert] | block}
    Activates or deactivates ICMP scan detection options. Also sets ICMP scan-detection logs or alerts and blocking. no deactivates ICMP scan detection, its logs, alerts or blocking.

[no] scan-detection open-port {activate | log [alert] | block}
    Activates or deactivates open port scan detection options. Also sets open port scan-detection logs or alerts and blocking. no deactivates open port scan detection, its logs, alerts or blocking.

flood-detection block-period <1..3600>
    Sets for how many seconds the ZyWALL blocks all packets from being sent to the victim (destination) of a detected anomaly attack.

[no] flood-detection {tcp-flood | udp-flood | ip-flood | icmp-flood} {activate | log [alert] | block}
    Activates or deactivates TCP, UDP, IP or ICMP flood detection. Also sets flood detection logs or alerts and blocking. no deactivates flood detection, its logs, alerts or blocking.
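
The following is an added example, not part of the ZyXEL manual: a small Python check that reads the commands of one anomaly profile and reports lines that do not match the Table 103 syntax, plus detections that are activated but have neither log nor block set. The names audit_profile and SAMPLE are hypothetical, the sample profile is constructed, and treating "activated without log or block" as a finding is this example's assumption, not a statement from the manual.

```python
_PORT = ("portscan", "decoy-portscan", "portsweep", "distributed-portscan",
         "filtered-portscan", "filtered-decoy-portscan",
         "filtered-distributed-portscan", "filtered-portsweep")
SCAN = {f"{p}-{s}" for p in ("tcp", "udp") for s in _PORT}
# The ip-* options in Table 103 are the same names with "port" -> "protocol-".
SCAN |= {"ip-" + s.replace("port", "protocol-") for s in _PORT}
SCAN |= {"icmp-sweep", "icmp-filtered-sweep", "open-port"}
FLOOD = {"tcp-flood", "udp-flood", "ip-flood", "icmp-flood"}

def audit_profile(text):
    """Return (lines not matching Table 103, detections activated only)."""
    errors, state = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line or line == "exit" or line.startswith("idp anomaly "):
            continue
        negate = line.startswith("no ")
        words = (line[3:] if negate else line).split()
        kind, rest = words[0], words[1:]
        names = {"scan-detection": SCAN, "flood-detection": FLOOD}.get(kind, ())
        if rest[:1] == ["block-period"] and names:
            ok = (not negate and len(rest) == 2 and rest[1].isdigit()
                  and 1 <= int(rest[1]) <= 3600)
        elif rest[:1] == ["sensitivity"] and kind == "scan-detection":
            ok = rest[1:] == [] if negate else rest[1:] in (["low"], ["medium"], ["high"])
        else:
            ok = (len(rest) >= 2 and rest[0] in names
                  and rest[1:] in (["activate"], ["log"], ["log", "alert"], ["block"]))
            if ok:  # track which actions are currently set for this detection
                actions = state.setdefault(rest[0], set())
                (actions.discard if negate else actions.add)(rest[1])
        if not ok:
            errors.append((lineno, line))
    silent = sorted(d for d, a in state.items() if a == {"activate"})
    return errors, silent

# Constructed sample profile (assumption: one command per line, as typed).
SAMPLE = """\
idp anomaly newpro base none
scan-detection sensitivity high
scan-detection block-period 7200
scan-detection tcp-portscan activate
scan-detection tcp-portscan log alert
scan-detection udp-portsweep activate
flood-detection icmp-flood activate
flood-detection icmp-flood block
flood-detection syn-flood activate
exit
"""
```

On the sample, audit_profile(SAMPLE) flags the out-of-range block-period and the syn-flood option (not one of the four flood types in the table), and lists udp-portsweep as activated without log or block.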