Alcatel-Lucent 6850-48 Reference Guide
Network Security Commands
OmniSwitch CLI Reference Guide
September 2009
page 61-5
Defaults
Platforms Supported
OmniSwitch 6850, 6855, 9000, 9000E
Usage Guidelines
• Use the no form of this command to reset to default value.
• Use the parameter period to set the time to observe traffic on a port to detect anomalies. Accuracy and
latency of algorithm is proportional to the time period.
• Use the parameter count to configure the minimum traffic required to activate anomaly detection.
Accuracy of detection is proportional to count.
• Use the parameter sensitivity to check anomaly sensitivity of deviation from the expected traffic
pattern. Accuracy of detection is proportional to sensitivity.
• The following table lists the netsec anomaly command options for specifying anomalies:
parameter
default
state enable | disable disable
log enable | disable
disable
trap enable | disable
disable
quarantine enable | disable
disable
period seconds
30
sensitivity num
50
anomaly name
count
defaults
defaults
arp-addr-scan
50
arp-flood
90
arp-failure
6
icmp-addr-scan
30
icmp-flood
90
icmp-unreachable
20
tcp-port-scan
20
tcp-addr-scan
30
syn-flood
90
syn-failure
10
syn-ack-scan
2
fin-scan
6
fin-ack-diff
5
rst-count
50