Flow Utilities
| Module Name | Description (click more for detailed information) |
|---|---|
| FM_flow_sourceIP | retrieve source IP address from incoming flow more… |
| FM_flow_destinationIP | retrieve destination IP address from incoming flow more… |
| FM_flow_sourcePort | retrieve source transport-layer port number from incoming flow more… |
| FM_flow_destinationPort | retrieve destination transport-layer port number from incoming flow more… |
| FM_flow_sourceMAC | retrieve source MAC address from incoming flow more… |
| FM_flow_destinationMAC | retrieve destination MAC address from incoming flow more… |
| FM_flow_arpSender | retrieve MAC address of the sender of arp reply from incoming flow more… |
| FM_flow_arpTarget | retrieve MAC address of the target of arp reply from incoming flow more… |
| FM_flow_tcpip | select source/destination port numbers and IP addresses of the incoming flow more… |
Basic Operations
| Module | Description |
|---|---|
| FM_match_ip | match a specific IP address more… |
| FM_match_port | match a specific port number more… |
| FM_match_mac | match a specific MAC address more… |
| FM_arith_equal | check if input Integer is equal to configured Integer more… |
| FM_arith_larger | check if input Integer is larger than configured Integer more… |
| FM_arith_smaller | check if input Integer is smaller than configured Integer more… |
| FM_logic_and | and operation upon two boolean input more… |
| FM_logic_or | or operation upon two boolean input more… |
| FM_count_ip | count the frequency of the input IP address more… |
| FM_output_bool | output a boolean value according to predefined logic more… |
| FM_output_int | output a int value according to configuration more… |
| FM_output_ip | output an int value according to predefined IP address more… |
| FM_output_mac | output a long (int) value according to predefined MAC address more… |
Security Actions
| Module | Description |
|---|---|
| FM_drop_flow | drop action on current pending flow more… |
| FM_forward_flow | forward action on current pending flow more… |
| FM_mirror_flow | mirror incoming flow to a specific switch port more… |
| FM_redirect_ip | redirect traffic from a host with specified IP more… |
| FM_block_ip | block traffic from a host with specified IP more… |
| FM_quarantine_ip | quarantine traffic from a host with specified IP more… |
Network Attack Detection
| Module | Description |
|---|---|
| FM_find_scan | detect if there is scanning attack in the network more… |
| FM_find_arpSpoofing | detect if there is arp poisoning attack in the network more… |
Network Service
| Module | Description |
|---|---|
| FM_load_balance | Round-robin based load-balance service more… |
Third Party
| Module | Description |
|---|---|
| FM_find_bufferoverflow | Detect buffer overflow attack by counting the number of “NOP” in the payload of the packet more… |
| FM_http_extGuard | Block HTTP requests for a particular extension more… |
| FM_calc_interval_freq | Output the frequency of an ip address for a interval more… |