Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 115

Configuring intrusion detection and prevention devices guide

Table 51: IDP Device Configuration: Protocol Thresholds and Configuration Settings (continued)
Setting
Description
IDENT

Maximum requests per session – Raises a protocol anomaly if IDP detects more IDENT (identification protocol) requests than the specified maximum. The default is 1 request per session.
This setting tunes the Too Many Requests attack object (key is IDENT:OVERFLOW:REQUEST-NUM).

Maximum Request length – Raises a protocol anomaly if IDP detects an IDENT request containing more bytes than the specified maximum. The default is 15 bytes.
This setting tunes the Request Too Long attack object (key is IDENT:OVERFLOW:REQUEST).

Maximum Reply length – Raises a protocol anomaly if IDP detects an IDENT reply containing more bytes than the specified maximum. The default is 128 bytes.
This setting tunes the Reply Too Long attack object (key is IDENT:OVERFLOW:REPLY).

IKE

Maximum number of payloads in an IKE message – Raises a protocol anomaly if IDP detects an IKE message with a higher number of payloads. The default is 57 payloads.
This setting tunes detection with the TOO-MANY-PAYLOADS attack object (key is IKE:MALFORMED:2MANY-PAYLOAD).

IMAP

Maximum Line length – Raises a protocol anomaly if IDP detects an IMAP line containing more bytes than the maximum. The default is 2048 bytes.

Maximum Username length – Raises a protocol anomaly if IDP detects an IMAP username containing more bytes than the maximum. The default is 64 bytes.

Maximum Password length – Raises a protocol anomaly if IDP detects an IMAP password containing more bytes than the specified maximum. The default is 64 bytes.

Maximum Mailbox length – Raises a protocol anomaly if IDP detects an IMAP mailbox containing more bytes than the maximum. The default is 64 bytes.

Maximum Reference length – Raises a protocol anomaly if IDP detects an IMAP reference containing more bytes than the specified maximum. The default is 64 bytes.

Maximum Flag length – Raises a protocol anomaly if IDP detects an IMAP flag containing more bytes than the specified maximum. The default is 64 bytes.

Maximum Literal length – Raises a protocol anomaly if IDP detects a literal with more octets than the specified maximum. In the IMAP4 protocol, a string can take one of two forms: literal or quoted. As defined in RFC 2060, section 4.3, a literal is a sequence of zero or more octets (including CR and LF), prefix-quoted with an octet count in the form of an open brace ("{"), the number of octets, a close brace ("}"), and CRLF. Valid range is 1 to 16,777,215. The default is 65,535 bytes.
This setting tunes detection with the imap_literal_length_overflow attack object (key is IMAP:OVERFLOW:LIT_LENGTH_OFLOW).

Maximum number of login failures per minute – Raises a BRUTE_FORCE protocol anomaly if IDP detects more login failures than the maximum. The default is 4 IMAP login failures per minute.
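
The following added example (not part of the Juniper manual and not IDP's own implementation) shows how the IMAP Maximum Line length and Maximum Literal length checks described above can be evaluated against one direction of an IMAP stream, using the RFC 2060 literal prefix and the defaults from this table. The function name, the anomaly labels, and the sample bytes are assumptions made for illustration.

```python
import re

# Defaults from the table above, in bytes.
MAX_LINE_LENGTH = 2048
MAX_LITERAL_LENGTH = 65535

# RFC 2060 literal prefix closing a line: "{" octet-count "}" then CRLF.
LITERAL_PREFIX = re.compile(rb"\{(\d+)\}\Z")

# Constructed sample: one direction of an IMAP session (not captured traffic).
SAMPLE = (
    b"a1 LOGIN {5}\r\nalice {6}\r\nsecret\r\n"
    b"a2 APPEND inbox {70000}\r\n"
)


def check_imap_stream(data, max_line=MAX_LINE_LENGTH, max_literal=MAX_LITERAL_LENGTH):
    """Return (label, offset) pairs; labels are illustrative, not IDP keys."""
    anomalies = []
    pos = 0
    while pos < len(data):
        end = data.find(b"\r\n", pos)
        line = data[pos:] if end == -1 else data[pos:end]
        next_pos = len(data) if end == -1 else end + 2
        if len(line) > max_line:
            anomalies.append(("line_too_long", pos))
        m = LITERAL_PREFIX.search(line)
        if m and end != -1:
            digits = m.group(1).lstrip(b"0") or b"0"
            # Over 8 significant digits already exceeds the valid range above.
            if len(digits) > 8 or int(digits) > max_literal:
                anomalies.append(("literal_too_long", pos))
                # Do not trust the declared count; resume line parsing.
            else:
                # Literal octets may contain CR and LF, so skip them unparsed.
                next_pos += int(digits)
        pos = next_pos
    return anomalies


if __name__ == "__main__":
    print(check_imap_stream(SAMPLE))
```

Literals within the limit are skipped by their declared octet count, so CR, LF, or brace sequences inside literal data are not misread as new lines or nested literal prefixes.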
Copyright © 2010, Juniper Networks, Inc.
Chapter 8: Configuring Intrusion Detection and Prevention Device Settings