Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 105

Configuring intrusion detection and prevention devices guide

Copyright © 2010, Juniper Networks, Inc.

To configure run-time parameters:

1. In NSM Device Manager, double-click the IDP device for which you want to configure run-time parameters. The device configuration editor appears.
2. Click Sensor Settings.
3. Click the Run-time Parameters tab.
4. Configure run-time settings using Table 49 on page 89.
5. Click Apply.
6. Click OK.

Table 49: IDP Device Configuration: Run-Time Parameters

Setting: Backdoor Detection

Description:
Minimum interval between consecutive small packets (microseconds) / Maximum interval between consecutive small packets (microseconds): Controls the minimum and maximum intervals (in microseconds) between the arrival of two consecutive small packets in suspected interactive traffic. If the IDP device sees small packets arrive in less than the minimum or more than the maximum number of microseconds, it does not consider the traffic to be interactive. The defaults are 20,000 and 2,00,00,000. This means that consecutive small packets must arrive within 20,000 to 2,00,00,000 microseconds to be considered interactive.

Byte threshold for packet sizes in a backdoor connection: Controls the maximum number of bytes a TCP packet must contain before the IDP device uses the packet for backdoor detection heuristics. The default is 20 bytes.

Minimum number of data carrying TCP packets: Controls the minimum number of data-carrying TCP packets in suspected interactive traffic. The default is 20 packets.

Minimum percentage of back-to-back small packets: Controls the minimum percentage of consecutive small packets in suspected interactive traffic. If the IDP device sees less than this percentage, it does not report a backdoor event. The default is 20%.

Ratio of small packets to the total packets (percentage): Controls the minimum percentage of small packets that the IDP device uses for backdoor detection heuristics. If the IDP device sees less than this minimum, it does not report a backdoor event. The default is 20%.
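
The following is an added sketch, not Juniper's code and not part of the manual, of how the five Backdoor Detection thresholds could combine to classify one TCP flow as interactive. The order of the checks, the inclusive comparisons, the reading of 2,00,00,000 as 20,000,000 microseconds, and all names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackdoorParams:
    # Defaults from Table 49. The page prints the maximum as 2,00,00,000;
    # it is read here as 20,000,000 microseconds (assumption).
    min_gap_us: int = 20_000
    max_gap_us: int = 20_000_000
    small_bytes: int = 20            # payload <= this is "small" (assumed inclusive)
    min_data_packets: int = 20
    min_back_to_back_pct: float = 20.0
    min_small_ratio_pct: float = 20.0

def evaluate_flow(packets, p=BackdoorParams()):
    """packets: (arrival_us, payload_len) tuples for one TCP flow, in arrival order.
    Returns (report_event, reason)."""
    data = [(t, n) for t, n in packets if n > 0]   # skip packets with no payload
    if len(data) < max(2, p.min_data_packets):
        return False, "too few data-carrying packets"
    small = [n <= p.small_bytes for _, n in data]
    small_pct = 100.0 * sum(small) / len(data)
    if small_pct < p.min_small_ratio_pct:
        return False, "small-packet ratio below minimum"
    # A back-to-back pair is two consecutive small packets whose spacing
    # falls inside the [min, max] interval window.
    pairs = sum(
        1
        for i in range(1, len(data))
        if small[i - 1] and small[i]
        and p.min_gap_us <= data[i][0] - data[i - 1][0] <= p.max_gap_us
    )
    b2b_pct = 100.0 * pairs / (len(data) - 1)
    if b2b_pct < p.min_back_to_back_pct:
        return False, "back-to-back small packets below minimum"
    return True, "interactive pattern"

# Constructed sample flows (not captured traffic).
KEYSTROKES = [(i * 150_000, 1 + i % 3) for i in range(40)]  # typing-paced, tiny payloads
BULK = [(i * 500, 1460) for i in range(40)]                 # full-size segments
BURST = [(i * 100, 4) for i in range(40)]                   # small but faster than min gap
SHORT = KEYSTROKES[:5]                                      # below the packet minimum

if __name__ == "__main__":
    for name, flow in [("keystrokes", KEYSTROKES), ("bulk", BULK),
                       ("burst", BURST), ("short", SHORT)]:
        print(name, evaluate_flow(flow))
```

Lowering `min_gap_us` makes the BURST flow qualify, which shows how the interval window separates human-paced traffic from machine-paced small packets.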
Chapter 8: Configuring Intrusion Detection and Prevention Device Settings, page 89
