Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 117

Table 51: IDP Device Configuration: Protocol Thresholds and Configuration Settings (continued)

Setting: LDAP

Description (one entry per threshold):

Maximum length of Integer representation in BER encoding–Raises a protocol anomaly if IDP detects an integer field in the LDAP BER encoding containing more bytes than the specified maximum. The default is 4 bytes.

Maximum number of left zeros for tag in BER encoding–Raises a protocol anomaly if IDP detects more left zeros in any tag in the LDAP BER encoding than the specified maximum. The default is 4 left zeros.

Maximum value of any LDAP tag in BER encoding–Raises a protocol anomaly if IDP detects a tag value in the LDAP BER encoding greater than the specified maximum. LDAP tags are represented using 1 byte, with the top 3 bits reserved (for the class and the constructed/primitive flag), which leaves 5 bits for the tag number. The default is 31.

Maximum number of left zeros for length in BER encoding–Raises a protocol anomaly if IDP detects more left zeros in any length field in the LDAP BER encoding than the specified maximum. The default is 64 left zeros.

Maximum number of search results requested by LDAP client–Raises a protocol anomaly if IDP detects an LDAP client request for more matching entries than the specified maximum. The default is 0 (no limit).

Maximum timelimit for search result requested by LDAP client–Raises a protocol anomaly if IDP detects a client-requested time limit greater than the specified maximum. The time limit is the number of seconds before a client request times out waiting for a response from the server. The default is 0 (no limit).

Maximum length of an LDAP Attribute Descriptor–Raises a protocol anomaly if IDP detects an attribute descriptor field in an LDAP message containing more bytes than the specified maximum. The default is 512 bytes.

Maximum length of an LDAP Distinguished Name–Raises a protocol anomaly if IDP detects a distinguished name field in an LDAP message containing more bytes than the specified maximum. The default is 512 bytes.

Maximum value of Message id in any LDAP Message–Raises a protocol anomaly if IDP detects a message ID greater than the specified maximum. The default is 2,147,483,647 (the largest 32-bit signed integer).

Maximum length of an LDAP message–Raises a protocol anomaly if IDP detects an LDAP message to be processed by the LDAP subsystem that is larger than the specified maximum. The default is 8100 bytes. This setting tunes the MESSAGE_TOO_LONG attack object. If IDP raises this anomaly, it logs the event and skips the message.

Maximum number of nested operators in an LDAP search request–Raises a protocol anomaly if IDP detects more nested operators in an LDAP search request filter than the specified maximum. The default is 8 nested operators.

Maximum number of login failures per minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more LDAP login failures in one minute than the specified maximum. The default is 4.
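The BER thresholds in the table are easier to reason about with a decoder that applies them to real bytes. The following Python is an added example, not Juniper code and not the IDP engine's logic: it decodes the identifier and length of every BER element in a constructed LDAPMessage and flags the conditions the table describes (integer length, leading zeros in a high-tag-number identifier or a long-form length, tag number, message ID, message length, the search request's sizeLimit and timeLimit, and nested and/or/not filter operators). The threshold key names, the anomaly labels, the choice to count "left zeros" as whole zero octets, and the sample messages are all this example's own assumptions; the attribute-descriptor, distinguished-name and login-failure thresholds are not implemented here.

```python
"""Table 51 threshold checks over LDAP BER messages (added example, not Juniper code)."""
DEFAULTS = {  # Table 51 defaults; key names and octet-based "left zeros" counting are assumptions
    "max_int_len": 4, "max_tag_left_zeros": 4, "max_tag_value": 31, "max_len_left_zeros": 64,
    "max_size_limit": 0, "max_time_limit": 0,  # SearchRequest sizeLimit/timeLimit, 0 = no limit
    "max_msgid": 2147483647, "max_msg_len": 8100, "max_nesting": 8,
}
SEARCH_REQUEST = 0x63                  # [APPLICATION 3], constructed
FILTER_OPERATORS = {0xA0, 0xA1, 0xA2}  # and [0], or [1], not [2]: context-specific, constructed

def read_header(buf, pos, cfg, found):
    """Decode one BER identifier and length at buf[pos]; return (ident, tag, value_start, value_end)."""
    ident = buf[pos]
    tag, pos = ident & 0x1F, pos + 1
    if tag == 0x1F:                    # high-tag-number form: base-128 digits, MSB set = more follow
        tag = zeros = 0
        while True:
            b, pos = buf[pos], pos + 1
            if tag == 0 and (b & 0x7F) == 0:
                zeros += 1             # a leading 0x80 digit is pure padding
            tag = (tag << 7) | (b & 0x7F)
            if not (b & 0x80):
                break
        if zeros > cfg["max_tag_left_zeros"]:
            found.add("TAG_LEFT_ZEROS")
    if tag > cfg["max_tag_value"]:
        found.add("TAG_VALUE")
    first, pos = buf[pos], pos + 1
    if first & 0x80:                   # long form: low 7 bits = number of length octets
        raw = buf[pos:pos + (first & 0x7F)]
        pos += len(raw)
        if len(raw) - len(raw.lstrip(b"\x00")) > cfg["max_len_left_zeros"]:
            found.add("LENGTH_LEFT_ZEROS")
        return ident, tag, pos, pos + int.from_bytes(raw, "big")
    return ident, tag, pos, pos + first

def walk(buf, pos, end, cfg, found, parent=None, in_search=False, depth=0):
    """Visit every element in buf[pos:end] recursively and apply the threshold checks."""
    index = 0                          # child position: sizeLimit and timeLimit are children 3 and 4
    while pos < end:
        ident, tag, vstart, vend = read_header(buf, pos, cfg, found)
        is_int = (ident & 0xC0) == 0 and tag == 0x02      # universal-class INTEGER
        if is_int and vend - vstart > cfg["max_int_len"]:
            found.add("INTEGER_LENGTH")
        limit = {3: "max_size_limit", 4: "max_time_limit"}.get(index) if parent == SEARCH_REQUEST else None
        if is_int and limit and cfg[limit] and int.from_bytes(buf[vstart:vend], "big", signed=True) > cfg[limit]:
            found.add(limit[4:].upper())                  # SIZE_LIMIT or TIME_LIMIT
        if ident & 0x20:               # constructed: descend into the children
            ops = depth
            if in_search and ident in FILTER_OPERATORS:
                ops += 1
                if ops > cfg["max_nesting"]:
                    found.add("NESTED_OPERATORS")
            walk(buf, vstart, vend, cfg, found, ident, in_search or ident == SEARCH_REQUEST, ops)
        pos, index = vend, index + 1

def check_ldap_message(msg, cfg=DEFAULTS):
    """Run the checks over one LDAPMessage; return the sorted anomaly labels (empty when clean)."""
    found = set()
    if len(msg) > cfg["max_msg_len"]:
        return ["MESSAGE_TOO_LONG"]    # Table 51: log the event and skip the message
    ident, _, start, end = read_header(msg, 0, cfg, found)
    _, _, vstart, vend = read_header(msg, start, cfg, found)   # messageID is the first element
    if int.from_bytes(msg[vstart:vend], "big", signed=True) > cfg["max_msgid"]:
        found.add("MESSAGE_ID")
    walk(msg, start, end, cfg, found, parent=ident)
    return sorted(found)

def tlv(ident, body):                  # minimal BER encoder (shortest definite length) for the samples
    raw = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([ident]) + (raw if len(body) < 128 else bytes([0x80 | len(raw)]) + raw) + body

def ber_int(value):
    return tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def search_request(filt, base=b"dc=example,dc=com", size_limit=0, time_limit=0, attrs=b""):
    # baseObject, scope, derefAliases, sizeLimit, timeLimit, typesOnly, filter, attributes
    return tlv(SEARCH_REQUEST, tlv(0x04, base) + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00") + ber_int(size_limit)
               + ber_int(time_limit) + tlv(0x01, b"\x00") + filt + tlv(0x30, attrs))

def nested_and(levels):
    filt = tlv(0xA3, tlv(0x04, b"cn") + tlv(0x04, b"x"))   # equalityMatch [3]: (cn=x)
    for _ in range(levels):
        filt = tlv(0xA0, filt)                              # wrap in one more "and"
    return filt

def demo():
    """Constructed samples (not captured traffic): {name: anomalies} for a clean message and violations."""
    msg_id, plain = ber_int(7), search_request(nested_and(1))
    padded_tag = b"\x1f\x80\x80\x80\x80\x80\x03\x02cn"      # tag 3 written with five leading 0x80 digits
    return {
        "clean": check_ldap_message(tlv(0x30, msg_id + search_request(nested_and(8)))),
        "deep_filter": check_ldap_message(tlv(0x30, msg_id + search_request(nested_and(9)))),
        "big_msgid": check_ldap_message(tlv(0x30, ber_int(2 ** 31) + plain)),
        "padded_length": check_ldap_message(bytes([0x30, 0x80 | 71]) + b"\x00" * 70
                                            + bytes([len(msg_id + plain)]) + msg_id + plain),
        "padded_tag": check_ldap_message(tlv(0x30, msg_id + search_request(nested_and(1), attrs=padded_tag))),
        "size_limit": check_ldap_message(tlv(0x30, msg_id + search_request(nested_and(1), size_limit=5000)),
                                         dict(DEFAULTS, max_size_limit=1000)),
        "too_long": check_ldap_message(tlv(0x30, msg_id + search_request(nested_and(1), base=b"x" * 9000))),
    }
```

Calling demo() shows each threshold tripping in isolation: eight nested "and" operators pass while nine raise NESTED_OPERATORS; a messageID of 2^31 needs five octets and so raises both INTEGER_LENGTH and MESSAGE_ID; a long-form length padded with 70 zero octets raises LENGTH_LEFT_ZEROS even though it encodes a legal value; and the sizeLimit check only fires once the default of 0 (no limit) is replaced with a real ceiling. Note that check_ldap_message returns MESSAGE_TOO_LONG before decoding anything, which mirrors the table's "log and skip" behaviour for that setting.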
Copyright © 2010, Juniper Networks, Inc.
Chapter 8: Configuring Intrusion Detection and Prevention Device Settings
101
