Cisco Traffic Anomaly Detector Module Configuration Guide (Software Version 4.0)
Index

A

AAA

authentication 4-5

configuring 4-3

aaa authentication command 4-5

action command 7-21

action flow 9-7

add-service command 7-11

admin privilege level 3-2

all-zone activation form 5-14

always-accept 7-22

always-ignore 7-22

analysis module 7-13

anomaly

detected 9-3

flow 9-5

AP, booting to 2-12

application partition

See AP

arp command 10-13

attack report

copying 9-8

detected anomalies 9-3

exporting 9-7

layout 9-2

statistics 9-3

timing 9-2

viewing 9-5

authentication, configuring 4-5

authorization, configuring 4-8

auth packet types 7-13

automatic protection mode 1-5

B

Berkeley Packet filter 6-5

boot command 2-12

burn flash 10-29

Bypass filter 1-5

command 6-9

configuring 6-9

definition 6-2

deleting 6-10

viewing 6-10

C

capture, packets 10-20

caution

symbol overview xxii

CFE 10-26, 10-29

clear log command 10-7

CLI

changing prompt 4-22

command shortcuts 3-7

error messages 3-5

getting help 3-6

issuing commands 3-3

TAB completion 3-6

using 3-2

command line interface

See CLI 3-2

command shortcuts 3-7

config privilege level 3-2

configuration

file

copying 10-8

exporting 10-8

importing 10-9

viewing 4-13

saving on supervisor 2-1

constructing policies 5-7

copy commands

ftp running-config 10-9

log 10-4, 10-6

reports 9-8

running-config 10-8

zone log 10-6

copy-services command 7-25

counters, viewing 5-16

cpu utilization 10-12

D

date command 4-19

DDoS

overview 1-1

default-gateway command 3-10

description command 5-3

detect command 5-14

detected

anomalies 9-3

flow 9-7

diagnostics 10-10

diff command 7-24

disable command 7-9

distributed denial of service

See DDoS

DNS

detected anomalies 9-3

TCP policy templates 7-4

dst traffic characteristics 7-14

Dynamic filter 1-6

command 6-14

deleting 6-13

overview 6-11

preventing production of 6-14

sorting 6-11

viewing 6-11

dynamic privilege level 3-2

E

enable

command 4-9, 7-9

password command 4-9

enabling services 4-2

event log 10-4

event monitor command 10-4

export command 10-5

exporting

configuration file 10-8

log file 10-6

reports 9-8

export reports command 9-8

F

facility 10-5

filters

Bypass 1-5, 6-9

Dynamic 1-6, 6-11

Flex 1-6, 6-5

overview 6-1

first-hit 4-11

flash-burn command 10-29

Flex filter 1-6

command 6-5

configuring 6-5

definition 6-2

deleting 6-5

viewing 6-8

fragments

detected anomalies 9-3

policy template 7-4

G

global traffic characteristics 7-14

Guard-protection activation forms 5-14

H

host, logging 10-5

host keys

deleting 4-19

hostname

changing 4-22

command 4-22

HTTP

detected anomalies 9-3

policy template 7-5

hw-module commands 2-11

I

in packet types 7-13

installation

verifying 2-2

interactive

command 5-14

deactivating 5-14

operation mode 8-3

policy status 7-22

interactive protection mode 1-5

interactive recommendations mode, See recommendations

interactive-status command 7-22

interface

activating 3-8, 3-9

command 3-9

configuring IP address 3-9 to ??

ip address command

interface 3-9 to ??

zone 5-3

IP scan

detected anomalies 9-4

policy template 7-5

K

key command

add 4-19, 4-20

generate 4-17, 4-19

remove 4-21

L

learning

command 5-9, 5-11

constructing policies 5-7

overview 5-6

policy-construction command 5-8

terminating process 5-9, 5-11

threshold-tuning command 5-10

tuning thresholds 5-9

LINK templates 5-7

log file

clearing 10-7

exporting 10-4, 10-6

viewing 10-6

logging command 10-5

M

maintenance partition

See MP

management

overview 3-8

port 2-3, 3-8, 3-9

SSH 3-12

VLAN 2-3

WBM 3-11

max-services command 7-8

memory consumption 10-12

min-threshold command 7-8

modules

analysis 7-13

overview 7-13

recognition 10-12

monitoring

network traffic 10-20

MP, booting to 2-12

mtu command 3-9

N

netstat command 10-15

no learning command 5-9, 5-11

notify policy action 7-21

O

only-dest-ip activation form 5-15

other protocols

detected anomalies 9-3

policy template 7-5

out_pkts packet types 7-13

P

packet-dump command 10-20

packets, capturing 10-20

password

changing 4-7

enabling 4-9

pending filters

viewing 8-6

permit

command 3-11, 3-12, 4-2

ping command 10-19

pkts packet type 7-14

policy

action 7-16, 7-21, 7-22

activating 7-18

adding services 7-11

command 7-15, 7-16

constructing 1-4, 5-7, 7-4

copy-services 7-25

deleting service 7-12

disabling 7-18

inactivating 7-18

multiplying thresholds 7-19

packet types 7-13

show statistics 7-27

state 7-18

structure 7-2

threshold 7-4, 7-16, 7-19

timeout 7-16, 7-21

traffic characteristics 7-14

tuning thresholds 1-4, 5-7, 5-9, 7-4

viewing statistics 5-10, 7-27

policy template

command 7-6, 7-7, 7-9

configuration command level 7-7

max-services 7-8

min-threshold 7-8

overview 7-4

parameters 7-6

state 7-9

policy-type activation form 5-15

port

data 3-8, 3-9

management 3-8, 3-9

port scan

detected anomalies 9-4

policy template 7-5

power enable command 2-12

privilege levels 3-2

assigning passwords 4-9

moving between 4-9

protect

activation forms 5-14

automatic mode 1-5

interactive mode 1-5

protect-ip-state command 5-15

protocol traffic characteristics 7-15

public key

generating 4-17

R

rates, viewing 5-16

reactivate-zones 3-13

rebooting

parameters 3-13

recognition module 10-12

recommendations

accepting 8-8

activating 5-13, 8-3, 8-7

command 8-7

deactivating 8-3

ignoring 8-8

overview 5-13, 8-2

receiving notification 8-2

viewing 8-2, 8-3

viewing pending-filters 8-6

reload command 3-12

remote-activate policy action 7-21

remote-guard command 4-16

remote Guards

activating 4-15, 5-12

command 5-12

default list 4-16

list 5-12

list activation order 5-12

report

See attack report 9-2

reports

details 9-5

reqs packet type 7-13

reset command 2-11

running-config

copy 10-8

copy ftp 10-9

show 4-13

S

service

adding 7-11

command 3-11, 4-2

deleting 7-12

permissions 4-2

snmp-trap 4-22

wbm 3-11

services

enabling 4-2

set-action 7-22

show commands

counters 5-16

cpu 10-12

diagnostic-info 10-11

dynamic-filters 6-11

host-keys 4-19

log 10-6

memory 10-12

module 2-2

policies 7-26

policies statistics 5-10, 7-27

rates 5-16

recommendations 8-4, 8-5

recommendations pending-filters 8-6

reports details 9-5

running-config 4-13

show 10-2

sorting dynamic-filters 6-11

templates 5-5

zone policies 7-26

show privilege level 3-2

shutdown command 3-9

snapshot command 7-23

SNMP, configuring trap generator 4-22

snmp commands

community 4-24

trap-dest 4-22

SPAN, configuring 2-7

specific IP threshold 7-20

src traffic characteristics 7-14

SSH

configuring 3-12

deleting keys 4-21

generating key 4-17

host key 4-18

state command 7-18

supervisor module

booting 2-12

configuring 2-1

powering off 2-12

resetting 2-11

saving configuration 2-1

shutting down 2-11

supported versions 10-24

verifying configuration 2-13

syn_by_fin packet type 7-14

syns packet type 7-13

syslog

configuring export parameters 10-5

configuring server 10-5

message format 10-4

T

TACACS+

authentication

key generate command 4-17

clearing statistics 4-13

configuring search 4-11

configuring server 4-10

server connection timeout 4-12

server encryption key 4-11

server IP address 4-10

viewing statistics 4-13

tacacs-server commands

clear statistics 4-13

first-hit 4-11

host 4-10

key 4-11

show statistics 4-13

timeout 4-12

TCP

detected anomalies 9-3

policy templates 7-5

templates

LINK 5-7

viewing policies 5-5

zone 5-5

thresh-mult 7-19

threshold

command 7-19

configuring specific IP 7-20

tuning 1-4, 5-7

time, configuring 4-19

timeout command 7-21

traceroute command 10-18

traffic

monitoring 10-20

traffic sources

capturing 2-3

configuring 2-3

SPAN 2-4

VACL 2-4

trap 10-5

trap-dest 4-22

tuning policy thresholds 5-9

U

UDP

detected anomalies 9-3

policy templates 7-6

unauth_pkts packet type 7-14

unauthenticated TCP detected anomalies 9-3

user

detected anomalies 9-4

username command 4-6

users

adding 4-6

adding new 4-6

assigning privilege levels 4-6

deleting 4-7

privilege levels 3-2, 4-8

V

VACL, configuring 2-4

W

warning

symbol overview xxii

WBM

activating 3-11

X

XML schema 9-8 to 9-10

Z

zone

command 5-4, 5-6, 8-3

copying 5-6

creating 5-4

definition 1-3

detection 5-14

duplicating 5-6

IP address 5-3

learning 5-6

LINK templates 5-7

operation mode 5-4

reconfiguring 5-2

remote Guard list 5-12

templates 5-5

viewing configuration 5-3

viewing policies 7-26

viewing status 10-2