Cisco Traffic Anomaly Detector Module Configuration Guide (Software Version 5.0)
Index


Symbols

# 9-5

A

AAA

accounting 4-16

authentication 4-6

authorization 4-13

configuring 4-4

aaa accounting command 4-16

aaa authentication command 4-6

aaa authorization command 4-13

accounting, configuring 4-16

action command 7-27

action flow 9-9

add-service command 7-14

admin privilege level 3-2

always-accept 7-28

always-ignore 7-28

analysis detection level 7-16

anomaly

detected 9-3

flow 9-5

AP

booting to 2-13

clearing configuration 11-17

clearing passwords 11-17, 11-18

upgrading 11-8

upgrading, inline 11-13

application partition

See AP

arp command 10-32

attack report

copying 9-10, 9-11

detected anomalies 9-3

exporting 9-9

exporting automatically 9-10

layout 9-2

notify 9-5

statistics 9-3

timing 9-2

viewing 9-6

attack type

detected attack 9-7

auth packet types 7-16

authentication, configuring 4-6

authorization, configuring 4-10, 4-12

automatic detect mode 1-6, 5-51

automatic protection mode 5-51

B

Berkeley Packet filter 6-12

boot command 2-13

burn flash 11-16

Bypass filter

command 6-17

configuring 6-16

definition 1-7, 6-2

deleting 6-19

viewing 6-18

C

capture, packets 10-16

caution

symbol overview xxvi

CFE 11-10, 11-15, 11-16

clear ap config command 11-17

clear ap password command 11-17, 11-18

clear log command 10-11

CLI

changing prompt 4-35

command shortcuts 3-9

error messages 3-7

getting help 3-8

issuing commands 3-5

TAB completion 3-8

using 3-2

command line interface

See CLI 3-2

command shortcuts 3-9

config privilege level 3-2

configuration

file

copying 11-2

exporting 11-2

importing 11-3

viewing 10-2

saving on supervisor 2-1

configuration mode 3-3

configuration, accessing command mode 4-15

configure command 3-10

constructing policies 5-14

copy command

packet-dump 10-20

copy commands

ftp running-config 5-41, 11-4

log 10-7, 10-10

reports 9-11

running-config 11-2

zone log 10-10

copy guard-running-config command 5-38, 5-40

copy-from-this 5-7

copy-policies command 7-43

counters

history 10-4

counters, viewing 10-4

cpu utilization 10-31

D

date command 4-31

DDoS

overview 1-3

deactivate command 5-18, 5-51

deactivating commands

commands, deactivating 3-6

default configuration, returning to 11-17

default-gateway command 3-13

description command 5-10

detect

automatic mode 1-6, 5-51

interactive mode 1-6, 5-51

detect command 5-50

detect learning command 5-17

detected

anomalies 9-3

flow 9-9

detected attack 9-7

detection level

analysis 7-16

diff command 7-40, 7-41

disable command 7-10

distributed denial of service

See DDoS

DNS

detected anomalies 9-3

TCP policy templates 7-5

tcp protocol flow 9-7

dst traffic characteristics 7-17

dst-ip-by-ip activation form 5-45, 5-52

dst-ip-by-name activation form 5-52

Dynamic filter

command 6-23

definition 1-7

deleting 6-23

overview 6-2, 6-20

preventing production of 6-24

sorting 6-20

viewing 6-20

worm 7-32

Dynamic filters

1000 and more 6-21

displaying events 10-8

dynamic privilege level 3-2

E

enable

command 4-13, 7-10

password command 4-12

enabling services 4-3

entire-zone activation form 5-52

event log

activating 10-7

deactivating 10-7

event monitor command 10-7

export command 10-8

packet-dump 10-18

export packet-dump command 10-19

export reports command 9-10

exporting

configuration file 11-2

log file 10-10

reports automatically 9-10

exporting GUARD configuration 5-38, 5-40

extracting signatures 10-25

F

facility 10-8

filters

Bypass 1-7, 6-16

Dynamic 1-7, 6-2, 6-20

Flex-Content 1-7, 6-4

overview 6-2

first-hit 4-20

fixed-threshold 7-22

flash-burn command 11-16

Flex-Content filter

configuring 6-5

definition 1-7, 6-2

renumbering 6-5

viewing 6-14

flex-content filter

displaying 6-14

filtering criteria 6-4

fragments 9-7

detected anomalies 9-3

policy template 7-5

ftp-server command 5-36

G

generating signatures 10-25

global mode 3-3

global traffic characteristics 7-17

Guard

configuration mode 3-4

GUARD configuration, exporting 5-38, 5-40

guard-conf command 5-29

Guard-protection activation methods 5-51

H

histogram command 7-30

host keys

deleting 4-27, 4-30

host, logging 10-8

hostname

changing 4-35

command 4-35

HTTP

detected anomalies 9-3

policy template 7-5

hw-module command 11-9, 11-11, 11-13, 11-18

hw-module commands 2-12

hybrid 9-7

I

in packet types 7-16

inline upgrade 11-13

installation

verifying 2-2

interactive

operation mode 8-3

policy status 7-28

interactive detect mode 1-6, 5-51

interactive protection mode 5-51

interactive-status command 7-28

interface

activating 3-10, 3-12

command 3-11

configuration mode 3-3

configuring IP address 3-11

ip address

modifying, zone 5-10

ip address command

interface 3-11

zone 5-9

IP scan 9-7

detected anomalies 9-3

policy template 7-5

K

key command

add 4-31, 4-32

generate 4-25, 4-29, 4-34

remove 4-33

L

learning

command 5-16, 5-19

constructing policies 5-14

overview 5-11

policy-construction command 5-15

synchronizing results 5-13

terminating process 5-16, 5-19

threshold-tuning command 5-17, 5-18

tuning thresholds 5-17

learning accept command 5-16, 5-19

learning params

threshold-selection command 5-23

learning-params

deactivating periodic action 5-19

deactivating periodic-action command 5-16

periodic-action command 5-16, 5-19, 5-22, 5-31

threshold-multiplier command 7-23

threshold-selection command 5-19

threshold-tuned command 5-10, 5-25

learning-params command 5-31

learning-params fixed-threshold command 7-22

LINK templates 5-15

log file

clearing 10-11

exporting 10-7, 10-10

viewing 10-9

logging command 10-8

logging, viewing configuration 10-9

M

maintenance partition

See MP

management

overview 3-13

port 2-3, 3-10, 3-11

SSH 3-15

VLAN 2-3

WBM 3-14

max-services command 7-9

memory consumption 10-31

MIB, supported 4-2

min-threshold command 7-10

modules

recognition 10-31

monitoring

network traffic 10-18, 10-20

MP

booting to 2-13

upgrading 11-11

upgrading, inline 11-13

mtu command 3-11

N

netstat command 10-35

no learning command 5-16, 5-19

no proxy policy templates 7-7

non_estb_conns packet type 7-16

notify 9-5

notify policy action 7-27

ns policy templates 7-7

O

other protocols

detected anomalies 9-3

policy template 7-5

out_pkts packet types 7-16

P

packet-dump

auto-capture command 10-15

automatic

activating 10-13

deactivating 10-15

displaying settings 10-15

exporting 10-18, 10-19, 10-20

signatures 10-26

packet-dump command 10-16

packets, capturing 10-16

password

changing 4-9

enabling 4-12

encrypted 4-8

recovering 11-17, 11-18

password, recovering 11-18

pending Dynamic filters 8-2

viewing 8-6

periodic action

accepting policies automatically 5-16, 5-19

deactivating 5-16, 5-19

permit

command 3-14, 3-15, 4-3

ping command 10-40

pkts packet type 7-17

policy

action 7-19, 7-27

activating 7-19

adding services 7-13

backing up current 5-12, 7-39, 7-44

command 7-18

configuration mode 3-4

constructing 1-5, 5-12, 5-14, 7-4

copying parameters 7-43

copy-policies 7-43

deleting services 7-14

disabling 7-20

inactivating 7-19

learning-params, fixed-threshold command 7-22

marking as tuned 5-10, 5-25

marking threshold as fixed 7-22

multiplying thresholds 7-24

navigating path 7-18

packet types 7-16

show statistics 7-35

state 7-19

structure 7-2

threshold 7-4, 7-19, 7-21

threshold-list command 7-25

timeout 7-19, 7-26

traffic characteristics 7-17

tuning thresholds 1-5, 5-12, 5-17, 7-4

using wildcards 7-19

viewing statistics 5-20

policy set-timeout command 7-26

policy template

command 7-7, 7-8, 7-10

configuration command level 7-8

configuration mode 3-4

displaying list 7-7

max-services 7-9

min-threshold 7-10

overview 7-4, 7-12

parameters 7-7

state 7-10

worm_tcp 7-8

policy-template add-service command 7-14

policy-template remove service command 7-14

policy-type activation form 5-52

port

data 3-10, 3-11

management 3-10, 3-11

port scan 9-7

detected anomalies 9-3

policy template 7-5

power enable command 2-13

privilege levels 3-2

assigning passwords 4-12

moving between 4-13

protect

activation methods 5-51

deactivating 5-51

protect command 5-51

protect-ip-state command 5-53

protocol traffic characteristics 7-17

proxy

no proxy policy templates 7-7

public-key

displaying 4-34

R

rates

history 10-4

rates, viewing 10-4

reactivate-zones 11-6

rebooting

parameters 11-6

recognition module 10-31

recommendations

accepting 8-8

activating 8-3, 8-7

change decision 7-28

command 8-7

deactivating 8-3

displaying 8-2

ignoring 8-8

overview 8-2

receiving notification 8-2

viewing 8-4

viewing pending-filters 8-6

reload command 11-5

remote Guard list

displaying 5-47

remote Guards

activating 5-44

default list 5-46

list 5-47

list activation order 5-47

remote-activate policy action 7-27

remote-guard command 5-46, 5-48

remove service command 7-14

renumbering Flex-Content filters 6-5

report

See attack report 9-2

reports

details 9-6

reqs packet type 7-17

reset command 2-12

running-config

copy 11-2

copy ftp 5-41, 11-4

show 10-2

S

scanners traffic characteristics 7-18

service

adding 7-13

command 3-14, 4-3

copy 7-43

deleting 7-14

permissions 4-3

snmp-trap 4-36

wbm 3-14

services

enabling 4-3

set-action 7-27

show commands

counters 10-4

cpu 10-31

diagnostic-info 10-30

dynamic-filters 6-20

flex-content-filter 6-14

host-keys 4-26, 4-30

log 10-9

log export-ip 10-9

logging 10-9

memory 10-31

module 2-2, 11-9, 11-11, 11-12

packet-dump 10-15

packet-dump signatures 10-26

policies 7-33

policies statistics 5-20, 7-35

public-key 4-26, 4-30, 4-34

rates 10-4

recommendations 8-4, 8-5

recommendations pending-filters 8-6

reports details 9-6

running-config 10-2

show 10-3

sorting dynamic-filters 6-20

templates 5-7

zone policies 7-33

show privilege level 3-2

show public-key command 4-35

shutdown command 3-12

signature

generating 10-25

snapshot

backing up policies 5-12, 7-39, 7-44

command 7-38

comparing 7-40

deleting 7-39

displaying 7-41

saving 7-38, 7-39

snapshot command 7-37

SNMP

traps description 4-38

snmp commands

community 4-41

trap-dest 4-36

SNMP, configuring trap generator 4-36

SNMP, accessing 4-2

SPAN, configuring 2-8

specific IP threshold 7-25

speed command 3-12

src traffic characteristics 7-18

SSH

configuring 3-15

deleting keys 4-33

generating key 4-25, 4-29, 4-34

host key 4-25, 4-29

service 3-15

viewing public key 4-26, 4-30

state command 7-20

supervisor module

booting 2-13

configuring 2-1

powering off 2-13

resetting 2-12

saving configuration 2-1

shutting down 2-12

supported versions 11-6

verifying configuration 2-14

syn_by_fin packet type 7-17

sync command 5-33, 5-34

syns packet type 7-17

syslog

configuring export parameters 10-8

configuring server 10-8

message format 10-7

system log

message format 10-7

T

TACACS+

authentication

key generate command 4-24, 4-28

clearing statistics 4-21

configuring search 4-19

configuring server 4-17

server connection timeout 4-20

server encryption key 4-19

server IP address 4-18

viewing statistics 4-21

tacacs-server commands

clear statistics 4-21

first-hit 4-17, 4-20

host 4-17, 4-18

key 4-17, 4-19

show statistics 4-21

timeout 4-17, 4-20

TCP

detected anomalies 9-3, 9-7

no proxy policy templates 7-7

policy templates 7-5

templates

LINK 5-15

viewing policies 5-7

zone 5-5

thresh-mult 7-24

threshold

command 7-21

configuring list 7-25

configuring specific IP 7-25

marking as tuned 5-10, 5-25

multiplying before accepting 7-23

selection 7-38

setting as fixed 7-22

tuning 1-5, 5-12

worm 7-29

threshold selection 5-19

threshold-list command 7-25

time, configuring 4-31

timeout command 7-26

traceroute command 10-38

traffic

monitoring 10-18, 10-20

traffic sources

capturing 2-4

configuring 2-4

SPAN 2-4

VACL 2-4

trap 10-8

trap-dest 4-36

tuning policy thresholds 5-17

U

UDP

detected anomalies 9-4

policy templates 7-6

unauth_pkts packet type 7-17

unauthenticated TCP detected anomalies 9-4

upgrade command 11-18

upgrading

AP 11-8

inline 11-13

MP 11-11

user

detected anomalies 9-4

User filter

command 6-5

username

encrypted password 4-8

username command 4-8

users

adding 4-8

adding new 4-8

admin 2-11

assigning privilege levels 4-7

deleting 4-10

privilege levels 3-2, 4-12

riverhead 2-11

V

VACL, configuring 2-5

version, upgrading 11-18

W

WBM

activating 3-14

worm

Dynamic filter 7-32

identifying attack 7-32

overview 7-29

policy 7-16, 7-18

policy templates 7-6, 7-30

thresholds 7-29, 7-30

worm_tcp policy template 7-8

X

XML schema 9-10-??, 10-18, 10-20

Z

zone

command 5-3, 5-7, 8-3

comparing 7-41

configuration mode 3-3, 5-9

copying 5-7

creating 5-3

definition 1-3

deleting 5-7

detecting 5-49

duplicating 5-7

IP address 5-9

learning 5-11

LINK templates 5-15

modifying IP address 5-10

operation mode 5-4

reconfiguring 5-9

synchronize configuration 5-27

synchronizing automatically 5-31

synchronizing offline 5-40

templates 5-5

viewing configuration 5-10

viewing policies 7-33

viewing status 10-3

zone policy

marking as tuned 5-10, 5-25