Example: Perpetual echo policy
This example is of an IDS attack-type policy that targets perpetual echoes on local port 7 and remote port 7.
UDP port 7 is the echo port. In an attack, if the header specifies the source and target ports as port 7, the UDP datagram echoes back and forth between the local port 7 and the remote UDP port 7.
This example uses the same IDS action, idsact2, as Example: Restricted IP options policy.
ibm-idsConditionAuxClass idscond5 # IDS condition { ibm-idsConditionType ATTACK ibm-idsAttackType PERPETUAL_ECHO ibm-idsLocalPortRange 7 ibm-idsRemotePortRange 7 ibm-policyIdsActionName idsact2 }
Parent topic:
Editing the intrusion detection policy file