Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 120

Configuring Intrusion Detection and Prevention Devices Guide
Table 51: IDP Device Configuration: Protocol Thresholds and Configuration Settings (continued)

Setting: NTP

Description:

- Minimum time (in seconds) between two requests–Raises a protocol anomaly if IDP detects that the time between two client-to-server NTP requests is greater than the specified maximum. Valid values range from 64 to 1024 seconds. The default is 0 seconds (which turns the feature off).
- Maximum length for NTPv3 message–Raises a protocol anomaly if IDP detects an NTPv3 message containing more bytes than the specified maximum. The default is 68 bytes.
- Maximum length for NTPv4 message–Raises a protocol anomaly if IDP detects an NTPv4 message containing more bytes than the specified maximum. The default is 68 bytes.
- Maximum stratum value for any NTP peer–Raises a protocol anomaly if IDP detects a stratum value larger than the specified maximum. The default is 15 bytes.
- Maximum time since last update of Reference clock–Raises a protocol anomaly if IDP detects that the NTP reference clock has not been updated in more time than the specified maximum. The default is 86,400 seconds.
- Match timestamps on NTP request and response–Enables IDP to perform timestamp matching on client requests and server responses. With this setting enabled, IDP expects the server response original timestamp to match the client request transmit timestamp; otherwise IDP considers the packet a possible protocol anomaly. This setting is enabled by default.
- Maximum Authorization field length in NTP control message–Raises a protocol anomaly if IDP detects that the length of the Authentication fields in an NTP control message is larger than the specified maximum. The default is 20 bytes.
- Maximum length of any NTP control variable–Raises a protocol anomaly if IDP detects that the length of an NTP control data variable name is larger than the specified maximum. The default is 128 bytes.
- Maximum length of any NTP variable value–Raises a protocol anomaly if IDP detects that the length of any NTP control data variable value is larger than the specified maximum. The default is 255 bytes.
- Maximum length of buffer to store between control packets–NTP control messages can be split across multiple UDP packets. This setting is the maximum number of characters that IDP stores in memory to ensure continuity from one packet to the other. The default is 255 bytes.
- Maximum time for an NTP Symmetric passive association to dissolve–A symmetric passive association between two NTP peers must be dissolved after sending one reply. This setting is the time in seconds after which IDP considers such an association as expired. The default is 900 seconds.
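
The Python sketch below is an added example, not Juniper code and not a description of how IDP is implemented. It applies four of the checks in the table above (message length, stratum, reference clock age, request/response timestamp matching) with the table's default values to constructed NTP packets. All function and constant names are hypothetical, and the reference clock age is assumed to be the transmit timestamp minus the reference timestamp.

```python
import struct

# Defaults from the table above; constant names are hypothetical.
MAX_MSG_LEN = 68        # bytes, NTPv3/NTPv4 message
MAX_STRATUM = 15
MAX_REF_AGE = 86_400    # seconds since the reference clock was updated
HDR = struct.Struct("!BBbbII4sQQQQ")   # fixed 48-byte NTP header

def build(mode, stratum, ref_ts, orig_ts, xmit_ts, version=4, extra=b""):
    """Construct a sample NTP packet (timestamps in whole NTP seconds)."""
    return HDR.pack((version << 3) | mode, stratum, 6, -20, 0, 0, b"GPS\0",
                    ref_ts << 32, orig_ts << 32, 0, xmit_ts << 32) + extra

def check(packet, request=None):
    """Return the list of anomalies found in one NTP packet."""
    if len(packet) < HDR.size:
        return ["truncated header"]
    anomalies = []
    if len(packet) > MAX_MSG_LEN:
        anomalies.append("message too long")
    flags, stratum, _, _, _, _, _, ref, orig, _, xmit = HDR.unpack_from(packet)
    if stratum > MAX_STRATUM:
        anomalies.append("stratum too large")
    if flags & 0x7 == 4:                      # mode 4 = server response
        # Assumption: age = transmit timestamp - reference timestamp.
        if (xmit >> 32) - (ref >> 32) > MAX_REF_AGE:
            anomalies.append("reference clock stale")
        # Response origin timestamp must echo the request transmit timestamp.
        if request is not None and orig != HDR.unpack_from(request)[10]:
            anomalies.append("timestamp mismatch")
    return anomalies

# Constructed sample packets (not captured traffic).
T = 3_500_000_000                                  # NTP-era seconds
REQ = build(3, 0, 0, 0, T)                         # client request
GOOD = build(4, 2, T - 60, T, T + 1)               # matching response
MISMATCH = build(4, 2, T - 60, T - 5, T + 1)       # origin != request transmit
ODD = build(4, 16, T - 90_000, T, T + 1, extra=b"\0" * 24)  # 72 bytes

if __name__ == "__main__":
    for name, pkt in [("GOOD", GOOD), ("MISMATCH", MISMATCH), ("ODD", ODD)]:
        print(name, check(pkt, REQ))
```
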
Copyright © 2010, Juniper Networks, Inc.
