Table of Contents
Advertisement
Table 4: Resolved Issues (continued)
PR
Description
Detection Accuracy
414795
Resolved an issue where APE rules could behave unexpectedly. If you configured a rule to drop Telnet traffic,
for example, all traffic running over the standard Telnet port (port 23) would be dropped.
436273
Improved accuracy detecting attacks in highly fragmented HTTP traffic.
Logging / Packet Capture
274827
All formats: Corrected log messages when an IDP rulebase rule matches ICMP or UDP attacks and the rule
action is set to close client and server. The action actually taken is a drop connection. In previous releases, the
log had been the action specified in the rule—"close client and server". In this release, we now report the action
actually taken by the IDP Series device—"drop connection".
392392
Packet capture: You cannot use
a new utility, called
388321
Changed threshold: When traffic through the IDP Series device exceeds session capacity, the device generates
an event log and drops the traffic (if the constant for logging implicit drops is enabled). To avoid generating
many logs around a similar event, the IDP Series device does not log additional instances until a threshold is
reached. In this release, we have changed the delay threshold from 1024 to 100 instances.
429095
Syslog: NIC state events reported in syslog messages had not indicated that the virtual router has returned to
"Normal mode".
429097
Syslog: Changes in link status (link down or link up) had not been reported in syslog messages.
430766
NSM Profiler: Updates to Network Profile tab logs had lagged behind Protocol Profile tab logs. These two views
are now updated simultaneously.
440475
NSM Log Viewer: Resolved an issue where variable data had not been displayed in the NSM Log Viewer collection.
493119
SNMP: The SNMP trap jnxIdpSensorFreeDiskSpace had been generated when the disk space exceeds the
threshold but a downtrap had not been generated when it fell below the threshold.
495852
SNMP: In IDP OS 5.0r2 release notes, we reported that we had changed the polling interval for SNMP traps and
SNMP polling to five minutes to decrease latency and CPU utilization for single core platforms (IDP600, IDP200,
IDP75), where the IDP engine, JNET driver, and control plane processes share the same CPU.
SNMP reporting has been improved in IDP OS Release 5.1. For single core platforms, CPU utilization is reported
at 5 seconds, 1 minute, and 5 minutes. Traps are sent for the 1 minute and 5 minute intervals.
547870
Resolved an issue where the packet reassembly module had generated an inordinate number of logs for the
same issue, leading to disk usage concerns.
Copyright © 2011, Juniper Networks, Inc.
to capture packets in both directions. In IDP OS Release 5.1, we support
tcpdump
, that you can use to capture packets in both directions.
jnetTcpdump
Resolved Issues
13
Advertisement
Table of Contents
