extremenetworks
diff --git a/‎EXOS Policy/AutomaticiSCSIProvisioning/iscsi-Readme.txt‎
Lines changed: 82 additions & 0 deletions b/‎EXOS Policy/AutomaticiSCSIProvisioning/iscsi-Readme.txt‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎EXOS Policy/AutomaticiSCSIProvisioning/iscsi.pol‎
Lines changed: 43 additions & 0 deletions b/‎EXOS Policy/AutomaticiSCSIProvisioning/iscsi.pol‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎EXOS Policy/BcastStormDetect/BcastStormDetect.pol‎
Lines changed: 67 additions & 0 deletions b/‎EXOS Policy/BcastStormDetect/BcastStormDetect.pol‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎EXOS Policy/BcastStormDetect/bcast-Readme.txt‎
Lines changed: 80 additions & 0 deletions b/‎EXOS Policy/BcastStormDetect/bcast-Readme.txt‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎EXOS Policy/NetworkReconDetect/ReconDetect.pol‎
Lines changed: 100 additions & 0 deletions b/‎EXOS Policy/NetworkReconDetect/ReconDetect.pol‎
Lines changed: 100 additions & 0 deletions
@@ -0,0 +1,82 @@
+*****************************
+iSCSI Auto-provisioning
+https://marketplace.extremenetworks.com/#details/iSCSI_Auto_provisioning
+*****************************
+
+
+Files:
+*****************************
+iscsi.pol 		-  The Example policy file
+iscsi-Readme.txt	-  This Readme
+
+
+Infrastructure Requirements
+*******************************
+Firmware: ExtremeXOS(TM) 11.6.x and Newer for iscsi.pol standard
+Platform(s): Summit Series; BlackDiamond 8800, 8900-series, 8900-XL series,
+             BlackDiamond BDX
+
+
+Description:
+*****************************
+This simple script uses CLEAR-Flow to identify iSCSI traffic (port 3260),
+assign it the right Quality of Service, and enable jumbo frames.
+This pre-provisioned settings in a network allows iSCSI traffic to be
+protected in a higher priority queue.
+
+
+Example:
+****************************
+<X650 Running CLEAR-FLow policy> (Rule becomes true)
+<X650 Running CLEAR-FLow policy> (CLEAR-Flow takes configured actions
+                                  (e.g. QoS Provision))
+
+
+In the above example the rule becomes true and CLEAR-Flow executes its actions
+automatically.
+
+
+Notes:
+*******************************
+- This requires a CLEAR-Flow enabled switch
+
+1.0 - (1 April 2010) First Version of the script
+1.1 - (17 April 2012) Version tested for xKit
+
+
+License:
+*******************************
+Copyright (c) 2015, Extreme Networks
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Support
+******************************
+The software is provided as is and Extreme has no obligation to provide
+maintenance, support, updates, enhancements or modifications.
+Any support provided by Extreme is at its sole discretion.
+Issues and/or bug fixes may be reported in the Hub:
+
+https://community.extremenetworks.com/extreme
+
+Be Extreme,
@@ -0,0 +1,43 @@
+@description "Auto iSCSI Example"
+#############################################################################
+#
+# Policy        	: Automatic iSCSI Provisioning 
+# Revision      	: 1.1
+# EXOS Version(s)  	: 15.1.x and Newer
+# Last Updated  	: April 17, 2012
+#
+# Purpose: 
+# This simple script uses CLEAR-Flow to identify iSCSI traffic (port 3260) ,  assign it the right 
+# Quality of Service, and enable jumbo frames. This pre-provisioned settings in a network allows 
+# iSCSI traffic to be protected in a higher priority queue.
+#
+# Contact			: https://community.extremenetworks.com/extreme
+###############################################################################
+#  Change Log
+#
+# 	19 April 2010: Change Log Created
+#   17 April 2012: Verified on 15.1.1.6
+################################################################################
+
+
+entry iscsi_count {
+ if {
+     protocol tcp;
+     destination-port 3260;
+ } then {
+     permit;
+     count iscsi_count;
+ }
+}
+entry iscsi_configure {
+ if match all {
+     count iscsi_count >= 100; period 5; hysteresis 50;
+ } then {
+ 		# Configure your QP as needed
+     qosprofile iscsi_count qp5;
+     	# Automatically Enables Jumbo frames, uncomment as needed
+   		# cli "enable jumbo-frame ports all";
+ } else {
+     permit iscsi_count;
+ }
+}
@@ -0,0 +1,67 @@
+@description "BcastStormDectect Example"
+#############################################################################
+#
+# Script        	: Broadcast Storm Detection
+# Revision      	: 1.2
+# EXOS Version(s)  	: 11.6.x and Newer
+# Last Updated  	: April 21, 2010
+#
+# Purpose:  This policy provides a CLEAR-Flow monitoring example that
+#           inspects received broadcast message packets (destination
+#           MAC address of FF:FF:FF:FF:FF:FF) to spot potential remote 
+#           broadcast storm attacks.  Shown in this policy are three entry 
+#           points:
+#  
+#           1.  UDP broadcast message counter
+#           2.  TCP broadcast message counter
+#           3.  CLEAR-Flow delta expression for determining 
+#               a potential broadcast storm.
+#
+# Note:     The ratio of broadcast packets greater than 100,000 per second
+#           is for illustrative purposes only.  This ratio should be 
+#           adjusted based on actual network activity.
+#
+# Author			: Extreme Extensibility Team
+# Contact			: https://community.extremenetworks.com/extreme
+###############################################################################
+#  Change Log
+#  21 April 2010 : Change Log Created
+# 
+###############################################################################
+
+##############################################################################
+# UDP broadcast entry point
+##############################################################################
+
+entry ACL_BCAST_UDP {
+if {
+ 	protocol UDP;  ethernet-destination-address FF:FF:FF:FF:FF:FF mask FF:FF:FF:FF:FF:FF;
+}
+then {
+ 	count BCAST;
+} }
+
+##############################################################################
+# TCP broadcast entry point
+##############################################################################
+
+entry ACL_BCAST_TCP {
+if {
+ 	protocol TCP;  ethernet-destination-address FF:FF:FF:FF:FF:FF mask FF:FF:FF:FF:FF:FF;
+}
+then {
+ 	count BCAST;
+} }
+
+##############################################################################
+# CLEAR-Flow Broadcast check entry point
+##############################################################################
+
+entry BCAST_UN_LVL1 {
+if {
+	# This period should be adjusted to fit your requirements
+ 	delta BCAST > 100000; period 1;
+} then {
+        snmptrap 8009 "BCAST_UN LVL 1";
+ 	syslog "BCAST_UN LVL 1" CRIT;
+} }
@@ -0,0 +1,80 @@
+*****************************
+Broadcast Storm Detect
+https://marketplace.extremenetworks.com/#details/Broadcast_Storm_Detect
+*****************************
+
+
+Files:
+*****************************
+BcastStormDetect.pol	-  The Example policy file
+bcast-Readme.txt	-  This Readme
+
+Infrastructure Requirements
+*******************************
+Firmware: ExtremeXOS(TM) 11.6.x and Newer for BcastStormDetect.pol standard
+Platform(s): Summit X450a, X480, X650; BlackDiamond 8800 c-series, 8900-series, 8900-XL series, BlackDiamond 10K, 12K 
+
+Description: 
+*****************************
+Purpose: This policy provides a CLEAR-Flow monitoring example that 
+inspects received broadcast message packets to detect potential
+broadcast storm attacks.  Both TCP and UDP broadcast packets are
+counted and should the sum of these broadcast messages exceed 
+100,000 in one second.  In this case, an SNMP trap is issued 
+along with a syslog message to provide notification of a 
+potential broadcast storm attack.
+
+Example: 
+****************************
+<X650 Running CLEAR-FLow policy> (Rule becomes true)
+<X650 Running CLEAR-FLow policy> (CLEAR-Flow takes configured actions
+                                  (e.g. QoS BCast Traffic))
+
+
+In the above example the rule becomes true and CLEAR-Flow executes its
+actions automatically.
+
+
+Notes:
+*******************************
+ - This requires a CLEAR-Flow enabled switch
+
+1.0 - (1 April 2010) First Version of the script
+
+
+License:
+*******************************
+Copyright (c) 2015, Extreme Networks
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+Support
+******************************
+The software is provided as is and Extreme has no obligation to provide
+maintenance, support, updates, enhancements or modifications.
+Any support provided by Extreme is at its sole discretion.
+Issues and/or bug fixes may be reported in the Hub:
+
+https://community.extremenetworks.com/extreme
+
+Be Extreme,
@@ -0,0 +1,100 @@
+@description "ReconDetect Example"
+
+#############################################################################
+#
+# Script        	: Network Recon Detection
+# Revision      	: 1.3
+# EXOS Version(s)  	: 15.1.x and Newer
+# Last Updated  	: April 12, 2012
+#
+# Purpose:  This policy provides a CLEAR-Flow monitoring example that
+#           inspects the TCP flags on all received TCP packets to detect
+#           potential TCP flag filtering attacks. Shown in this policy are
+#           multiple entry points:
+#  
+#           1.  TCP FIN flag counter
+#           2.  TCP SYN flag counter
+#           3.  TCP RESET flag counter
+#           4.  TCP PUSH flag counter
+#           5.  TCP PUSHSYN flag counter
+#           6.  TCP RESETACK flag counter
+#           7.  TCP RESETPUSH flag counter
+#           8.  CLEAR-Flow delta expression for determining 
+#               a potential TCP flag filtering attack.
+#
+# Note:     The delta ratio of 4000 TCP all flag packets per second is
+#           for illustration purposes only.  This ratio should be adjusted
+#           based on the network traffic of the environment.
+#
+##############################################################################
+#  Change Log
+#
+# 	19 April 2010: Change Log Created
+#   19 April 2012: Verified on newer platforms with CLEAR-Flow support added
+################################################################################
+
+##############################################################################
+# TCP all flags entry points
+##############################################################################
+
+entry ACL_FINFLAGS_TCP {
+if {
+ 	protocol TCP;  tcp-flags 0x01; 
+}
+then {
+ 	count ALLFLAGS_TCP;
+} }
+
+entry ACL_SYNFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x02 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+entry ACL_RESETFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x04 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+entry ACL_PUSHFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x08 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+entry ACL_PUSHSYNFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x10 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+entry ACL_RESETACKFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x20 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+entry ACL_RESETPUSHFLAGS_TCP {
+if {
+	protocol TCP; tcp-flags 0x12 ;
+} then {
+	count ALLFLAGS_TCP;
+} }
+
+##############################################################################
+# CLEAR-Flow TCP all flags check entry point
+##############################################################################
+
+entry ALLFLAGS_UN_LVL1 {
+if {
+ 	delta ALLFLAGS_TCP > 4000; period 1;
+} then {
+ 	snmptrap 8007 "ALLFLAGS_UN LVL 1";
+        syslog "ALLFLAGS_UN LVL 1" CRIT;
+} }