Cisco Anomaly Guard Module Configuration Guide (Software Version 5.0)
Index

Symbols

#10-12

A

AAA

accounting4-16

authentication4-6

authorization4-14

configuring4-4

aaa accounting command4-16

aaa authentication command4-6

aaa authorization command4-14

accounting, configuring4-16

action command8-28

action flow10-16

activation-extent command6-41

activation interface6-38

activation-interface command6-40

activation method6-38

activation sensitivity6-39

add-service command8-14

admin privilege level3-2

advertised routes, viewing5-10, 5-13, 5-19

always-accept8-30

always-ignore8-30

analysis protection level1-7, 8-16

anomaly

detected10-4

flow10-12

anti-spoofing drop statistics13-11

AP

booting to2-10

clearing configuration12-18

clearing passwords12-18, 12-19

upgrading12-9

upgrading, inline12-14

application partition

See AP

arp command11-33

attack-detection command6-44

attack report

copying10-18, 10-19

detected anomalies10-4

dropped/replied packets10-3

exporting10-17

exporting automatically10-17

layout10-2

mitigated attacks10-5

notify10-12

statistics10-3

timing10-2

viewing10-12, 13-6

attack statistics13-7

attack type

client10-8

malformed packets10-10

mitigated attack10-14

user defined10-9

zombie10-8, 10-10

authentication, configuring4-6

authorization, configuring4-11, 4-12

auth packet types8-17

automatic protection mode6-38

automatic protect mode1-6, 6-38

B

bad packets to proxy drop statistics13-11

basic

User filter actions7-21

basic protection level1-7, 8-16

Berkeley Packet filter7-12

block Dynamic filter actions7-28

block-unauthenticated policy action8-29

boot command2-10

burn flash12-17

Bypass filter

command7-17

configuring13-6

definition1-7, 7-2

deleting7-19

viewing7-18

C

capture, packets11-17

caution

symbol overviewxxviii

CFE12-10, 12-15, 12-17

clear ap config command12-18

clear ap password command12-18, 12-19

clear log command11-12

CLI

changing prompt4-33

command shortcuts3-9

error messages3-7

getting help3-8

issuing commands3-5

TAB completion3-8

using3-2

client attack10-14

client attack mitigated attacks10-8

command line interface

See CLI3-2

command shortcuts3-9

config privilege level3-2

configuration

file

copying12-2

exporting12-2

importing12-3

viewing11-2

saving on supervisor2-2

configuration, accessing command mode4-15

configuration mode3-3

configure command3-10

constructing policies6-15

copy command

packet-dump11-21

copy commands

ftp running-config6-30, 12-4

log11-8, 11-11

reports10-19

running-config12-2

zone log11-11

copy-from-this6-6

copy-policies command8-41

counters

history11-4

counters, viewing11-4

cpu utilization11-32

D

date command4-28

DDoS

attack classification13-7

overview1-3

deactivate command6-19, 6-38

deactivating commands

commands, deactivating3-6

deactivating protection6-43

default configuration, returning to12-18

default-gateway command3-15

default zone6-40

description command6-10

detected

anomalies10-4

flow10-16

diff command8-38, 8-39

disable command8-10

distributed denial of service

See DDoS

diversion

command5-6, 5-7

configuring inline5-11

configuring out-of-path5-15

definition5-2

hijacking5-6

injection5-7, 5-20

mechanism5-4

network configuration5-3

restoring default values5-7

troubleshooting13-2

viewing advertised routes5-10, 5-13, 5-19

DNS

detected anomalies10-4

drop statistics13-10, 13-11

TCP policy templates8-4

drop

Dynamic filter action7-27

policy action8-29

statistics13-8

User filter action7-21

dropped packets

attack report10-3

learning6-13

drop-statistics command13-8

dst traffic characteristics8-18

Dynamic filter

actions7-20, 7-27

command7-29, 7-33

deactivating7-34

definition1-7

deleting7-33, 13-5

inactivating13-5

overview7-2, 7-27

preventing production of7-34

sorting7-31

terminating7-35

viewing7-30, 13-4

zone malicious rate7-35

Dynamic filters

1000 and more7-31

displaying events11-9

dynamic privilege level3-2

E

enable

command4-13, 8-10

password command4-12

enabling services4-3

event log

activating11-8

deactivating11-8

event monitor command11-8

export command11-10

packet-dump11-20

exporting

configuration file12-2

log file11-11

reports automatically10-17

export packet-dump command11-20

export reports command10-18

extracting signatures11-26

F

facility11-9

filter rate

termination threshold7-35

filters

Bypass1-7, 7-16

Dynamic1-7, 7-2, 7-27

Flex-Content1-7, 7-4

overview7-2

User1-7, 7-20

filter-termination command7-35

first-hit4-21

fixed-threshold8-23

flash-burn command12-17

Flex-Content filter

configuring7-5

default configuration11-45

definition1-7, 7-2

dropped13-8

renumbering7-5

viewing7-14

flex-content filter

displaying7-14

filtering criteria7-4

fragments

detected anomalies10-4

policy template8-5

G

generating signatures11-26

global mode3-3

global traffic characteristics8-18

Guard

configuring multiple2-12

self protection11-44

H

high availability2-13

host, logging11-10

host keys

deleting4-26, 4-28

hostname

changing4-33

command4-33

HTTP

detected anomalies10-4

policy template8-5

hw-module command12-9, 12-10, 12-12, 12-14, 12-19

hw-module commands2-9

hybrid10-14

I

incoming TCP drop statistics13-9

injecting

VRF5-22

injecting, tunnel5-25

inline upgrade12-14

in packet types8-17

installation

verifying2-2

interactive

operation mode9-3

policy status8-31

interactive protection mode6-38

interactive protect mode1-6, 6-38

interactive-status command8-30

interface

activating3-10, 3-12

command3-11, 3-13, 3-14

configuration mode3-3

configuring IP address3-11 to 3-14

loopback3-14

ip address

modifying, zone6-9

ip address command

interface3-11 to 3-14

zone6-8, 6-45

ip route command3-16

IP scan

detected anomalies10-4

policy template8-5

K

key command

add4-28, 4-30

generate4-32

remove4-31

L

land attack drop statistics13-11

layer 3 interface

configuring on VLAN2-7

learning

command6-17, 6-20

constructing policies6-15

dropped packets6-13

overview6-11

policy-construction command6-15

synchronizing results6-14

terminating process6-17, 6-20

threshold-tuning command6-18, 6-19

tuning thresholds6-18

learning accept command6-16, 6-19

learning params

threshold-selection command6-24

learning-params

deactivating periodic action6-20

deactivating periodic-action command6-16

periodic-action command6-16, 6-20, 6-23

threshold-multiplier command8-24

threshold-selection command6-19

threshold-tuned command6-9, 6-25

learning-params fixed-threshold command8-23

LINK templates6-15

load sharing2-12

log

displaying subzones6-43

log file

clearing11-12

exporting11-8, 11-11

viewing11-11

logging, viewing configuration11-10

logging command11-9

loopback interface3-14

M

maintenance partition

See MP

malformed packets10-14

mitigated attacks10-10

malformed packets drop statistics13-11

malicious rate termination threshold7-34

management

overview3-18

port2-3, 3-10, 3-11

SSH3-19

VLAN2-3

WBM3-18

max-services command8-9

memory consumption11-32

MIB, supported4-2

min-threshold command8-9

mitigated attacks

client attack10-8

malformed packets10-10

overview10-5

spoofed10-6

user defined10-9

modules

overview8-16

recognition11-32

monitoring

network traffic11-20, 11-21

MP

booting to2-10

upgrading12-11

upgrading, inline12-14

mtu command3-11, 3-13

multiple Guards

configuring2-12

N

netstat command11-36

no learning command6-17, 6-20

non DNS drop statistics13-11

no proxy policy templates8-7

notify10-12

notify policy action8-29

ns policy templates8-7

num_sources packet type8-17

O

on-demand6-45

other protocols

detected anomalies10-4

policy template8-5

other protocols drop statistics13-9

out_pkts packet types8-17

outgoing TCP drop statistics13-9

P

packet-dump

auto-capture command11-16

automatic

activating11-14

deactivating11-16

displaying settings11-16

exporting11-20, 11-21

signatures11-27

packet-dump command11-17

packets, capturing11-17

password

changing4-9

enabling4-12

encrypted4-8

recovering12-18, 12-19

password, recovering12-19

pending Dynamic filters9-2

viewing9-6

periodic action

accepting policies automatically6-16, 6-20

deactivating6-16, 6-20

permit

command3-18, 3-19, 4-3

User filter action7-21

ping command11-41

pkts packet type8-17

policy

action8-20, 8-28, 8-29

activating8-20

adding services8-13

backing up current6-13, 8-37, 8-42

command8-19

configuration mode3-4

constructing1-5, 6-12, 6-15, 8-4

copying parameters8-41

copy-policies8-41

deleting services8-14

disabling8-20

inactivating8-20

learning-params, fixed-threshold command8-23

marking as tuned6-9, 6-25

marking threshold as fixed8-23

multiplying thresholds8-25, 13-4, 13-5

navigating path8-19

packet types8-16

proxy threshold8-27

show statistics8-33

state8-20

structure8-2

threshold8-4, 8-20, 8-22

threshold-list command8-26

timeout8-20, 8-28

traffic characteristics8-18

tuning thresholds1-5, 6-12, 6-18, 8-4

viewing13-5

viewing statistics6-21

policy set-timeout command8-28

policy template

command8-7, 8-8, 8-10

configuration command level8-8

configuration mode3-4

displaying list8-7

max-services8-9

min-threshold8-9

overview8-4, 8-12

parameters8-7

state8-10

policy-template add-service command8-14

policy-template remove service command8-14

port

data3-10, 3-11

management3-10, 3-11

port scan

detected anomalies10-5

policy template8-5

power enable command2-10

privilege levels3-2

assigning passwords4-12

moving between4-13

protect

activating3-17

automatic mode1-6, 6-38

command6-35

deactivating6-38

deactivating automatically6-43

entire zone6-35

inactivity timeout6-43

interactive mode1-6, 6-38

on-demand6-45

specific IP6-37

specific ip address6-37

specific zone IP6-35

specific zone ip address6-35

protect command6-38

protection-end-timer command6-43

protection level

analysis1-7, 8-16

basic1-7, 8-16

strong1-8, 8-16

protect learning command6-18

protect-packet command6-39

protocol traffic characteristics8-18

proxy

command3-17

configuring3-17

no proxy policy templates8-7

proxy-threshold command8-27

public-key

displaying4-32

R

rate-limit command6-9, 7-16

Rate Limiter

dropped13-8

rates

history11-4

rates, viewing11-4

reactivate-zones12-6

rebooting

parameters12-6

recognition module11-32

recommendations

accepting9-8

activating9-3, 9-7

change decision8-30

command9-7

deactivating9-3

displaying9-2

ignoring9-8

overview9-2

receiving notification9-2

viewing9-4

viewing pending-filters9-6

redirect/zombie

Dynamic filter action7-28

policy action8-29

redundancy2-12, 2-13

reload command12-6

remove service command8-14

renumbering Flex-Content filters7-5

renumbering User filters7-22

replied packets10-3

report

See attack report10-2

reports

details10-12

displaying subzones6-43

reqs packet type8-17

reset command2-9

router configuration mode3-3

routing table

manipulation3-15

viewing3-16

running-config

copy12-2

copy ftp6-30, 12-4

show11-2

S

self-protection command11-44

service

adding8-13

command3-18, 4-3

copy8-41

deleting8-14

permissions4-3

snmp-trap4-33

wbm3-18

services

enabling4-3

set-action8-29

show commands

counters11-4

cpu11-32

diagnostic-info11-31

drop-statistics13-8

dynamic-filters7-30, 13-4

flex-content-filter7-14

host-keys4-28

log11-11

log export-ip11-10

logging11-10

memory11-32

module2-2, 12-9, 12-12

packet-dump11-16

packet-dump signatures11-27

policies8-32, 13-3, 13-5

policies statistics6-21, 8-33

public-key4-32

rates11-4, 13-2

recommendations9-4, 9-5

recommendations pending-filters9-6

reports13-6

reports details10-12

running-config11-2

show11-3

sorting dynamic-filters7-31

templates6-6

zone policies8-32

show privilege level3-2

show public-key command4-32

shutdown command3-12

signature

generating11-26

snapshot

backing up policies6-13, 8-37, 8-42

command8-36

comparing8-38

deleting8-37

displaying8-39

saving8-36, 8-37

snapshot command8-35

SNMP

traps description4-35

SNMP, accessing4-2

SNMP, configuring trap generator4-33

snmp commands

community4-38

trap-dest4-33

specific IP threshold8-26

speed command3-12

spoofed attack10-14

spoofed attacks10-6

src traffic characteristics8-18

SSH

configuring3-19

deleting keys4-31

generating key4-32

service3-19

state command8-20, 13-5

static route

adding3-15

strong

Dynamic filter action7-27

policy action8-29

protection level1-8, 8-16

User filter action7-21

sub zone6-41, 6-42

subzone

displaying logs and attack reports6-43

supervisor module

booting2-10

configuring2-1

configuring VLANs2-5

powering off2-10

resetting2-9

saving configuration2-2

shutting down2-9

supported versions12-7

verifying configuration2-11

syn_by_fin packet type8-17

syns packet type8-17

syslog

configuring export parameters11-9

configuring server11-10

message format11-9

system log

message format11-9

T

TACACS+

authentication

key generate command4-24, 4-27

clearing statistics4-22

configuring search4-20

configuring server4-17

server connection timeout4-21

server encryption key4-19

server IP address4-19

viewing statistics4-22

tacacs-server commands

clear statistics4-22

first-hit4-18, 4-21

host4-18, 4-19

key4-18, 4-19

show statistics4-22

timeout4-18, 4-21

TCP

detected anomalies10-5

drop statistics13-10, 13-11

no proxy policy templates8-7

policy templates8-5

templates

LINK6-15

viewing policies6-6

zone6-5

thresh-mult8-25, 13-4, 13-5

threshold

command8-22

configuring list8-26

configuring specific IP8-26

filter rate termination7-34

malicious rate termination7-34

marking as tuned6-9, 6-25

multiplying13-4, 13-5

multiplying before accepting8-24

selection8-36

setting as fixed8-22

tuning1-5, 6-12

threshold-list command8-26

threshold selection6-19

time, configuring4-28

timeout command8-28

to-user-filters

Dynamic filter action7-28

policy action8-29

traceroute command11-39

traffic

monitoring11-20, 11-21

trap11-9

trap-dest4-33

tuning policy thresholds6-18

U

UDP

detected anomalies10-5

drop statistics13-10

policy templates8-6

unauthenticated drop statistics13-9

unauth_pkts packet type8-17

unauthenticated TCP detected anomalies10-5

upgrade command12-18

upgrading

AP12-9

inline12-14

MP12-11

user

detected anomalies10-5

user defined mitigated attacks10-9

User filter

actions7-20, 7-21, 7-27

command7-5, 7-22

configuring7-20

definition1-7, 7-2

deleting7-26

renumbering7-22

viewing7-25

username

encrypted password4-8

username command4-8

users

adding4-8

adding new4-8

admin2-8

assigning privilege levels4-7

deleting4-10

privilege levels3-2, 4-12

riverhead2-8

V

version, upgrading12-18

VLAN

administrative2-6

assigning2-5

configuring3-13

configuring layer 3 interface2-7

configuring on supervisor module2-5

VPN Routing and Forwarding, See VRF

VRF, configuring injection5-22

W

WBM

activating3-18

X

XML schema10-17, 11-20

Z

zombie10-14

packet counter11-5

zombie attack10-16

zone

blocking criteria13-4

blocking flows13-2, 13-3

command6-3, 6-6, 9-3

comparing8-39

configuration mode3-4, 6-8

copying6-6

creating6-3

creating default6-40

definition1-3, 6-2

deleting6-6

duplicating6-6

IP address6-8

learning6-11

LINK templates6-15

malicious rate6-44

modifying IP address6-9

operation mode6-4

protecting6-33

reconfiguring6-8

sub6-41, 6-42

synchronize configuration6-28

synchronizing offline6-30

templates6-5

viewing configuration6-10

viewing policies8-31

viewing status11-3

zone-malicious-rate7-35

zone policy

marking as tuned6-9, 6-25

zone protection

terminating6-38, 6-43