Cisco Guard Configuration Guide (Software Version 5.1)
Index


Symbols

# (number sign) 11-13

* (wildcard) 2-9, 5-7, 11-13

A

AAA

accounting 3-18

authentication 3-7

authorization 3-15

configuring 3-4

aaa accounting command 3-18

aaa authentication command 3-7

aaa authorization command 3-15

accounting, configuring 3-18

action command 7-31

action flow 11-17

activation

activation-extent command 9-9

activation-interface command 9-5

interface 9-4

method 9-4

sensitivity 9-8

add-service command 7-15

admin privilege level 2-2, 3-8

always-accept 7-33

always-ignore 7-33

analysis protection level 1-7, 7-17

anomaly

detected 11-4

flow 11-13

anomaly detection engine memory usage 12-38, 12-42

anti-spoofing drop statistics 14-10

arp command 12-43

attack-detection command 9-12

attack report

copying 11-19

detected anomalies 11-4

exporting 11-18, 11-19

exporting automatically 11-19

history 12-37

layout 11-2

malicious packets statistics 11-3

mitigated attacks 11-6

notify 11-13

statistics 11-3

timing 11-2

viewing 11-13, 14-6

attack reports

exporting 13-9

attack statistics 14-7

attack type

client 11-9

malformed packets 11-10

mitigated attack 11-15

user defined 11-9

zombie 11-8, 11-11

authentication, configuring 3-7

authorization

disabling zone command completion 3-18, 5-9

authorization, configuring 3-11, 3-12

auth packet types 7-18

automatic protection mode 9-4

automatic protect mode 1-5, 9-4

B

bad packets to proxy drop statistics 14-10

banner

configuring login 3-44

basic

user filter actions 6-21

basic protection level 1-7, 7-17

Berkeley Packet Filter 6-12

BGP

announcement A-20

Cisco router configuration example 4-7

configuration 4-3

configuration example 4-6

diverting method A-8

Guard configuration 4-4, 4-11

Juniper router configuration example 4-8

block dynamic filter actions 6-28

block-unauthenticated policy action 7-31

burn flash 13-15

bypass filter

command 6-17

configuring 14-5

definition 1-7, 6-2

deleting 6-20

displaying 6-19

C

capture, packets 12-19

caution

symbol overview xxix

CFE 13-15

clear counters command 2-18, 12-6

clear log command 12-14

CLI

changing prompt 3-36

command shortcuts 2-9

error messages 2-7

getting help 2-8

issuing commands 2-5

TAB completion 2-8

using 2-2

client attack 11-15

client attack mitigated attacks 11-9

command completion 3-18

command line interface

See CLI 2-2

command shortcuts 2-9

comparator 6-4

config privilege level 2-2, 3-8

configuration

file

copying 13-3

exporting 13-4

importing 13-6

viewing 12-2

importing 13-6

saving 4-1

configuration, accessing command mode 3-17

configuration mode 2-3

configure command 2-11

constructing policies 8-6

copy command

packet-dump 12-24

copy commands

ftp running-config 13-6

log 12-9, 12-12

new-version 13-13

reports 11-19

running-config 5-15, 13-4

zone log 12-12

copy-from-this 5-7

copy login-banner command 3-45

copy-policies command 8-24

copy wbm-logo command 3-47

counters

clearing 2-18, 12-6

history 12-4

counters, viewing 12-4

cpu utilization 12-39

D

date command 3-30, 3-31

DDoS

attack classification 14-6

overview 1-2

deactivate command 8-9, 9-16

deactivating commands

commands, deactivating 2-6

deactivating protection 9-11

default-gateway command 2-19

default zone 9-8

description command 5-10

detected

anomalies 11-4

flow 11-17

diff command 8-21, 8-22

disable command 7-11

disabling

automatic export 13-10

disk usage 12-37

distributed denial of service

See DDoS

diversion A-2

BGP 4-1

BGP diverting method 4-4, A-8

dynamic next hop A-10

layer 2 topology A-5

layer 3 topology A-4

long diversion 4-38, A-7, A-19

static next hop A-9

troubleshooting 14-2

Tunnel 4-35

tunnel 4-35, A-18

divert-from router A-2

DNS

detected anomalies 11-5

drop statistics 14-9, 14-10

TCP policy templates 7-4

drop

dynamic filter action 6-28

policy action 7-31

statistics 14-8

user filter action 6-21

dropped packets

learning 8-2

drop-statistics command 14-7

dst traffic characteristics 7-19

dynamic filter

1000 and more 6-30

actions 6-21, 6-28

command 6-32, 6-34

deactivating 6-35

definition 1-7

deleting 6-34, 14-5

displaying 6-29, 14-4

displaying events 12-10

inactivating 14-5

overview 6-2, 6-27

preventing production of 6-35

sorting 6-29

terminating 6-36

zone malicious rate 6-36

dynamic privilege level 2-2, 3-8

E

enable

command 3-14, 7-11

password command 3-13

enabling services 3-3

event log

activating 12-9

deactivating 12-9

event monitor command 12-9

export

disabling automatic 13-10

export command 13-9

packet-dump 12-23

reports 11-19

exporting

configuration file 13-4

log file 12-12

reports automatically 11-19

extracting signatures 12-30

F

facility 12-10

FBF

Juniper router configuration example 4-16

file server

configuring 13-2

file-server

command 13-2

configuring 13-2

deleting 13-3

displaying 13-3, 13-11

file server, displaying sync-config 13-11

filter rate

termination threshold 6-36

filters

bypass 1-7, 6-17

dynamic 1-7, 6-2, 6-27

flex-content 1-7, 6-4

overview 6-1

user 1-7, 6-20

filter-termination command 6-36

first-hit 3-22, 3-23

fixed-threshold 7-24

flash-burn command 13-15

flex-content filter

configuring 6-5

default configuration 12-55

definition 1-7, 6-2

displaying 6-14

dropped 14-8

filtering criteria 6-4

renumbering 6-5

forwarding 4-9, A-8

Layer 2 4-9

layer 2 A-11

layer 3 A-11

PBR-DST 4-12

PBR-VLAN 4-23

PBR VLAN A-14

policy based routing 4-12

VLAN VRF A-15

VPN routing 4-19

VRF A-12

VRF-VLAN 4-27

fragments

detected anomalies 11-5

policy template 7-4

G

generating signatures 12-30

global mode 2-3

global traffic characteristics 7-19

GRE

See tunnel 2-16

Guard

self protection 12-54

GUARD_DEFAULT 5-3

GUARD_LINK 5-3

GUARD_TCP_NO_PROXY 5-4

GUARD_VOIP 5-4

GUARD configuration, importing 5-15

H

history command 12-37

host, logging 12-11

host keys

deleting 3-28, 3-29

hostname

changing 3-36

command 3-36

HTTP

detected anomalies 11-5

policy template 7-5

hybrid 11-15

I

idle session, configuring timeout 3-49

idle session, displaying timeout 3-49

importing

configuration 13-6

importing GUARD configuration 5-15

in-band

configuring interface 2-12

incoming TCP drop statistics 14-8

injecting traffic A-23

inject-to router A-2

in packet types 7-18

install new-version command 13-14

interactive

operation mode 10-5

policy status 7-33

interactive protection mode 9-4

interactive protect mode 1-5, 9-4

interactive-status command 7-33

interface

activating 2-11, 2-13

clearing counters 2-18

command 2-12, 2-14, 2-15, 2-16

configuration mode 2-3

configuring 2-12

configuring IP address 2-12 to 2-15, 2-16

loopback 2-15

out-of-band 2-11

ip address

modifying, zone 5-12

IP address command

excluding 5-11

ip address command 2-16

deleting 5-12

interface 2-12 to 2-15

zone 5-11, 9-3

IPIP

See tunnel 2-16

ip route command 2-20

IP scan

detected anomalies 11-5

policy template 7-5

IP threshold configuration 7-27

J

Juniper

routing instance 4-31

routing instances A-16

K

keepalive command 2-17

key command

add 3-30, 3-33

generate 3-35

remove 3-34

L

L2F 4-9, A-11

configuration 4-11

router configuration 4-12

land attack drop statistics 14-11

layer 2 topology A-5

layer 3 topology A-4

learning

command 8-8, 8-11

constructing policies 8-6

dropped packets 8-2

overview 8-2

policy-construction command 8-6

synchronizing results 8-5

terminating process 8-8, 8-11

threshold-tuning command 8-9

tuning thresholds 8-8

learning accept command 8-7, 8-10

learning parameters, displaying 8-13

learning params

threshold-selection command 8-14

learning-params

deactivating periodic action 8-10

deactivating periodic-action command 8-7

periodic-action command 8-7, 8-10, 8-13

threshold-multiplier command 7-25

threshold-selection command 8-10

threshold-tuned command 5-12, 8-16

learning-params fixed-threshold command 7-24

LINK templates 8-6

log

displaying subzones 9-10

log file

clearing 12-13

exporting 12-9, 12-12

history 12-37

viewing 12-12

logging, viewing configuration 12-11

logging command 12-10

login banner

configuring 3-44

deleting 3-46

importing 3-45

login-banner command 3-44

logo, adding WBM 3-47

logo, deleting WBM 3-49

long diversion 4-38, A-7, A-19

Cisco router configuration 4-41

Guard configuration 4-40

loopback interface 2-15

M

malformed packets 11-15

mitigated attacks 11-10

malformed packets drop statistics 14-11

malicious packets statistics

attack report 11-3

malicious rate termination threshold 6-35

management

overview 2-22

SSH 2-24

WBM 2-22

max-services command 7-10

memory consumption 12-38

memory usage, anomaly detection engine 12-38, 12-42

MIB, supported 3-2

min-threshold command 7-10

mitigated attacks

client attack 11-9

malformed packets 11-10

overview 11-6

spoofed 11-6

user defined 11-9

monitoring

network traffic 12-23, 12-24

MP

upgrading 13-13

MPLS LSP A-22

mtu command 2-13, 2-14, 2-16

N

netstat command 12-46

network server

configuring 13-2

deleting 13-3

displaying 13-3, 13-11

network server, displaying sync-config 13-11

new version

installing 13-14

upgrading 13-13

next hop discovery A-24

IGP A-26

IGP + BGP A-27

routing protocols A-24

next-hop router A-2

no learning command 8-8, 8-11

non DNS drop statistics 14-10

no proxy policy templates 7-7

note

symbol overview xxix

notify 11-13

notify policy action 7-32

ns policy templates 7-7

NTP 3-31

enable service 3-31

permit 3-32

server 3-32

num_sources packet type 7-18

O

on-demand 9-3

other protocols

detected anomalies 11-5

policy template 7-5

other protocols drop statistics 14-9

out_pkts packet types 7-18

outgoing TCP drop statistics 14-8

out-of-band

configuring interface 2-12

out-of-band interface 2-11

P

packet-dump

auto-capture command 12-18

automatic

activating 12-16

deactivating 12-18

displaying settings 12-18

exporting 12-23, 12-24, 13-9

signatures 12-31

packet-dump command 12-19

packets, capturing 12-19

password

changing 3-9

enabling 3-13

encrypted 3-9

password, recovering 13-16

PBR A-9, A-11

PBR-DST 4-12

Cisco router configuration 4-15

configuration 4-13

example 4-15

Guard configuration 4-14

PBR-VLAN 4-23

Guard configuration 4-24

PBR VLAN A-14

pending dynamic filters 10-2

displaying 10-4, 10-8

periodic action

accepting policies automatically 8-10

accepting policies automatically 8-7

deactivating 8-7, 8-10

permit

command 2-22, 2-24, 3-3

user filter action 6-21

permit ssh command 3-29

ping command 12-51

pkts packet type 7-18

policy

action 7-21, 7-31, 7-32

activating 7-21

adding services 7-14

backing up current 7-39, 8-20, 8-26

command 7-20

configuration mode 2-4

constructing 1-5, 7-4, 8-3, 8-6

copying parameters 8-24

copy-policies 8-24

deleting services 7-15

disabling 7-21

inactivating 7-21

learning-params, fixed-threshold command 7-24

marking as tuned 5-12, 8-16

marking threshold as fixed 7-24

multiplying thresholds 7-26, 14-3, 14-4

navigating path 7-20

packet types 7-17

proxy threshold 7-29

show statistics 7-36

state 7-21

structure 7-2

threshold 7-4, 7-21, 7-23

threshold-list command 7-27

timeout 7-21, 7-29

traffic characteristics 7-19

tuning thresholds 1-5, 7-4, 8-3, 8-8

using wildcards 7-21, 7-34, 7-37

viewing 14-4

viewing statistics 8-12

Policy Based Routing A-9

policy-based routing 4-12

policy set-timeout command 7-30

policy template

command 7-8, 7-11

configuration command level 7-8

configuration mode 2-4

displaying list 7-8

max-services 7-10

min-threshold 7-10

overview 7-4, 7-13

parameters 7-8

state 7-11

policy-template add-service command 7-15

policy-template remove service command 7-15

port scan

detected anomalies 11-5

policy template 7-5

poweroff command 13-12

possible next-hop routers A-2

privilege levels 2-2

assigning passwords 3-13

moving between 3-14

protect

activating 2-21

automatic mode 1-5, 9-4

command 9-13

deactivating 9-16

deactivating automatically 9-11

entire zone 9-13

inactivity timeout 9-11

interactive mode 1-5, 9-4

on-demand 9-3

specific IP 9-15

specific ip address 9-15

specific zone IP 9-14

specific zone ip address 9-14

protect command 9-16

protection

activation sensitivity 9-8

protection-end-timer command 9-11

protection level

analysis 1-7, 7-17

basic 1-7, 7-17

strong 1-7, 7-17

protection levels

overview 7-17

protect learning command 8-9

protect-packet command 9-8

protocol traffic characteristics 7-19

proxy

command 2-21

configuring 2-21

no proxy policy templates 7-7

proxy-threshold command 7-29

public-key

displaying 3-35

R

rate-limit command 5-9, 6-17

Rate Limiter

dropped 14-8

rates

history 12-4

rates, viewing 12-4

reactivate-zones 13-11

reboot command 13-11

rebooting

parameters 13-11

recommendations

accepting 10-10

activating 10-5, 10-8

change decision 7-33

command 10-9

deactivating 10-4, 10-11

displaying 10-2

ignoring 10-10

overview 10-2

receiving notification 10-2

viewing 10-5

viewing pending-filters 10-4, 10-8

redirect/zombie

dynamic filter action 6-28

policy action 7-32

reload command 13-11

remove service command 7-15

renumbering flex-content filters 6-5

renumbering user filters 6-22

replied packets 11-3

report

See attack report 11-2

reports

details 11-13

displaying subzones 9-11

exporting 13-9

reqs packet type 7-18

router configuration mode 2-3

routing instance 4-31

routing instances A-16

routing table

GRM B-6

manipulation 2-19

viewing 2-20

zebra application B-6

RTP/RTCP 5-4

running-config

copy 5-15, 13-4, 13-6

show 12-2

S

saving configuration 4-1

self-protection command 12-54

service

adding 7-14

command 2-22, 3-3

copy 8-24

deleting 7-15

permissions 3-3

snmp-trap 3-37

wbm 2-22

services

enabling 3-3

session, configuring timeout 3-49

session, displaying idle timeout 3-49

session timeout, disabling 3-49

session-timeout command 3-49

set-action 7-32

show commands

counters 12-4

cpu 12-39

diagnostic-info 12-35

disk-usage 12-37

drop-statistics 14-7

dynamic-filters 6-29, 14-4

file-servers 13-3, 13-11

flex-content-filter 6-14

host-keys 3-29

learning parameters 8-13

learning-params 7-24

log 12-12

log export-ip 12-11

logging 12-11

login-banner 3-44

memory 12-38

packet-dump 12-18

packet-dump signatures 12-31

policies 7-34, 14-3, 14-4

policies statistics 7-36, 8-12

public-key 3-35

rates 12-4, 14-1

recommendations 10-6, 10-7

recommendations pending-filters 10-4, 10-8

reports 14-6

reports details 11-13

running-config 12-2

show 12-3

sorting dynamic-filters 6-29

sync-config file-servers 13-11

templates 5-7

zone policies 7-34

show privilege level 2-2, 3-9

show public-key command 3-35

shutdown command 2-13

signature

generating 12-30

SIP

detected anomalies 11-5

drop statistics 14-11

malformed packets 11-11

policy template 7-6

spoofed attacks 11-8

user filter action 6-21

zone template 5-4

snapshot

backing up policies 7-39, 8-20, 8-26

command 8-19

comparing 8-21

deleting 8-24

displaying 8-22

saving 8-19, 8-20

snapshot command 8-18

snapshots

save periodically 8-13

SNMP

accessing 3-2

configuring trap generator 3-37

traps description 3-38

snmp commands

community 3-43

trap-dest 3-37

source IP

tunnel 2-16

specific IP threshold 7-27

speed command 2-13

spoofed attack 11-15

spoofed attacks 11-6

src traffic characteristics 7-19

SSH

configuring 2-24

deleting keys 3-34

generating key 3-35

service 2-24

state command 7-21, 14-5

static route

adding 2-19

strong

dynamic filter action 6-28

policy action 7-31

protection level 1-7, 7-17

user filter action 6-22

sub zone 9-9, 9-10

subzone

displaying logs and attack reports 9-10

syn_by_fin packet type 7-18

syns packet type 7-18

syslog

configuring export parameters 12-10

configuring server 12-11

message format 12-10

system log

message format 12-10

T

TACACS+

authentication

key generate command 3-26, 3-29

clearing statistics 3-24

configuring search 3-22

configuring server 3-19

server connection timeout 3-23

server encryption key 3-21

server IP address 3-21

viewing statistics 3-24

tacacs-server commands

clear statistics 3-24

first-hit 3-20, 3-22, 3-23

host 3-20, 3-21

key 3-20, 3-21

show statistics 3-24

timeout 3-20, 3-23

TCP

detected anomalies 11-5

drop statistics 14-9, 14-10

no proxy policy templates 7-7

policy templates 7-5

templates

LINK 8-6

viewing policies 5-7

zone 5-3

thresh-mult 7-26, 14-3, 14-4

threshold

command 7-23

configuring IP threshold 7-27

configuring list 7-27

configuring specific IP 7-27

filter rate termination 6-36

malicious rate termination 6-35

marking as tuned 5-12, 8-16

multiplying 14-3, 14-4

multiplying before accepting 7-25

selection 8-19

setting as fixed 7-24

tuning 1-5, 8-3

threshold-list command 7-27

threshold selection 8-10

threshold tuning

save results periodically 8-13

time, configuring 3-30

timeout command 7-29

timeout session, configuring 3-49

timeout session, disabling 3-49

timesaver

symbol overview xxix

timezone 3-31

tip

symbol overview xxix

to-user-filters

dynamic filter action 6-28

policy action 7-31

traceroute command 12-49

traffic

monitoring 12-23, 12-24

traffic forwarding 4-9, A-8

traffic injection A-23

trap 12-10

trap-dest 3-37

tuning policy thresholds 8-8

tunnel

commands 2-16

configuring 2-16

GRE keepalive 2-17

tunnel diversion 4-35, A-18

Cisco router configuration 4-37

Guard configuration 4-36

U

UDP

detected anomalies 11-5

drop statistics 14-9

policy templates 7-6

unauthenticated drop statistics 14-8

unauth_pkts packet type 7-18

unauthenticated TCP detected anomalies 11-5

upgrading 13-13

MP 13-13

user

detected anomalies 11-5

user defined mitigated attacks 11-9

user filter

actions 6-21, 6-28

command 6-5, 6-22, 6-23

configuring 6-20

definition 1-7, 6-2

deleting 6-27

displaying 6-25

renumbering 6-22

username

encrypted password 3-9

username command 3-8

users

adding 3-8

adding new 3-8

assigning privilege levels 3-7

deleting 3-11

privilege levels 2-2, 3-12

system users

admin 2-10

riverhead 2-10

username command 3-8

V

VLAN

configuring 2-14

VLAN policy based routing 4-23

VLAN VPN routing forwarding 4-27

VLAN VRF A-15

Voice over IP

See VoIP

VoIP

detected anomalies 11-5

drop statistics 14-11

malformed packets 11-11

policy template 7-6

spoofed attacks 11-8

user filter action 6-21

zone template 5-4

VPN Routing Forwarding A-9

VPN routing forwarding 4-19

VRF A-9, A-12

VRF-DST

Cisco router configuration 4-21

Guard configuration 4-20

VRF-VLAN 4-27

W

WBM

activating 2-22

WBM logo

adding 3-47

deleting 3-49

X

XML schema 11-19 to 11-22, 12-23, 13-10

Z

zebra routing table B-6

zombie 11-15

packet counter 12-5

zombie attack 11-17

zone

blocking criteria 14-4

blocking flows 14-2

clearing counters 12-6

command 5-5, 5-7, 10-5

command completion 3-18, 5-9

comparing 8-22

configuration mode 2-4, 5-8

copying 5-7

creating 5-5

creating default 9-8

defining IP address 5-11

definition 1-3, 5-2

deleting 5-7

deleting IP address 5-12

duplicating 5-7

excluding IP address 5-11

IP address 5-11

learning 8-2

LINK templates 8-6

malicious rate 9-12

modifying IP address 5-12

operation mode 5-6

protecting 9-2

reconfiguring 5-8

sub 9-9, 9-10

synchronize configuration 5-13

synchronizing offline 5-14

templates 5-3

viewing configuration 5-10

viewing policies 7-34

viewing status 12-3

zone-malicious-rate 6-36

zone policy

marking as tuned 5-12, 8-16

zone protection

terminating 9-11, 9-16