Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 112

Configuring intrusion detection and prevention devices guide

Table 51: IDP Device Configuration: Protocol Thresholds and Configuration Settings

Setting: AIM
Description:

Maximum header length – Raises a protocol anomaly if IDP detects a header containing more bytes than the specified maximum. The default is 10,000 bytes.

Maximum type-length-value length – Raises a protocol anomaly if IDP detects an AIM/ICQ type-length-value (TLV) containing more bytes than the specified maximum. A TLV is a tuple used for passing typed information to the protocol. The default is 8000 bytes.

Maximum inter-client-message-block length – Raises a protocol anomaly if IDP detects an AIM/ICQ inter-client-message-block (ICMB) containing more bytes than the specified maximum. The default is 2000 bytes.

Maximum filename length – Raises a protocol anomaly if IDP detects an AIM/ICQ file name containing more bytes than the specified maximum. The default is 10,000 bytes.

Setting: DHCP
Description:

Check to see if the source port of client's packets is 68 – Raises a protocol anomaly if IDP detects DHCP traffic that originates from a port other than 68. This setting is not enabled by default.

Setting: DNS
Description:

Report unknown DNS parameters (high noise) – Detects and reports unknown DNS parameters. You must also configure an IDP rulebase rule to detect DNS anomalies. This setting is not enabled by default.

Report unexpected DNS parameters (high noise) – Detects and reports unexpected DNS parameters. This setting is not enabled by default. You must also configure an IDP rulebase rule to detect DNS anomalies.

Maximum length of a DNS UDP packet – Raises a protocol anomaly if IDP detects a DNS UDP packet containing more bytes than the specified maximum. The default is 512 bytes.

Maximum size of a NXT resource record – Raises a protocol anomaly if IDP detects an NXT resource record in a DNS request or response message of a greater size. The default is 4096 bytes. This setting tunes the following protocol anomaly attack object: DNS_BIND_NXT_OVERFLOW (key is DNS:OVERFLOW:NXT-OVERFLOW).

Maximum time of a DNS cache – Controls the maximum amount of time for a DNS query and reply. The default is 60 seconds.

Maximum number of logs in a session – Controls the maximum number of DNS queries kept to match a reply. The default is 1000 queries.
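
As an added illustration (not taken from the Juniper manual, and not how IDP implements its DNS decoder), the following Python example applies the two DNS size thresholds from the table to a raw DNS-over-UDP payload. The function names, the anomaly names, and the reading of "NXT resource record size" as the record's RDLENGTH are assumptions; the sample packet is constructed.

```python
import struct

# Defaults quoted from Table 51. TYPE_NXT = 30 is the NXT RR type code (RFC 2535).
MAX_DNS_UDP_LEN = 512
MAX_NXT_RR_LEN = 4096
TYPE_NXT = 30

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or a compression pointer)."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            return off + 2
        if length & 0xC0:              # 0x40/0x80 label types are reserved
            raise ValueError("reserved label type")
        off += 1 + length

def dns_anomalies(payload, max_udp=MAX_DNS_UDP_LEN, max_nxt=MAX_NXT_RR_LEN):
    """Return anomaly names for one DNS-over-UDP payload (hypothetical names)."""
    findings = []
    if len(payload) > max_udp:
        findings.append("udp-length")
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", payload, 4)
        off = 12
        for _ in range(qd):                       # question: name + type + class
            off = skip_name(payload, off) + 4
        for _ in range(an + ns + ar):             # RR: name, type, class, ttl, rdlength
            off = skip_name(payload, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", payload, off)
            if rtype == TYPE_NXT and rdlen > max_nxt:   # assumption: size = RDLENGTH
                findings.append("nxt-overflow")
            off += 10 + rdlen
            if off > len(payload):
                raise ValueError("RDATA runs past end of packet")
    except (ValueError, struct.error):
        findings.append("malformed")
    return findings

def sample(rdlen):
    """Constructed response: one question, one NXT answer with rdlen zero bytes."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", TYPE_NXT, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_NXT, 1, 60, rdlen) + bytes(rdlen)
    return header + question + answer
```

A payload carrying an oversized NXT record also exceeds the 512-byte UDP limit, so both findings are returned for it; raising `max_udp` shows how tuning one threshold changes what is reported.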
Copyright © 2010, Juniper Networks, Inc.