126 ServerIron ADX Security Guide
53-1002440-03
DDoS protection
5
lt less-than
lteq less-than-or-equals
neq not-equals
The configured generic rule will have to be bound to a filter, to take effect.
ServerIronADX(config)# security filter filter1
ServerIronADX(config-sec-filter1)# rule generic gen1 drop
Syntax: {no} rule generic <generic-rule-name> [log | no-log] [drop | no-drop]
The <generic-rule-name> variable is the name of the preciously defined generic rule that
you want to bind to a filter:
The log parameter directs the ServerIron ADX to log traffic on the bound interface that matches the
generic rule specified by the configured <generic-rule-name>. The no-log parameter disables
this function.
The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the generic rule specified by the configured <generic-rule-name>. The no-drop parameter
disables this function.
Table 13 describes some attack types that require a generic rule.
TABLE 12 Common attack types that require a generic rule
Attack Type Description
Information tunneling Attacker attempts to pass information in and out of the network incognito.
Packets appear to be performing one function. In reality, they are performing
another function. For example, a remote user may be engaged in a root shell
session on a protected host, but all transmissions appear to be ICMP echo
requests and replies.
Use security generic to handle this attack type.
Well Known Attacks There are many documented attacks that can be identified by using a
pattern, also known as a signature.
Use security generic for this attack type. It provides you the flexibility of
locating attacks having a pattern.