Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 122

Configuring intrusion detection and prevention devices guide

Table 51: IDP Device Configuration: Protocol Thresholds and Configuration Settings (continued)
Setting: SMTP

Description:

Maximum Number of mail recipients – Raises a protocol anomaly if IDP detects an SMTP message containing more recipients than the specified maximum. The default is 100 recipients.

Maximum Username length in RCPT and MAIL – Raises a protocol anomaly if IDP detects an SMTP message with a username containing more bytes than the specified maximum. The default is 256 bytes.

Maximum Domain name length in RCPT and MAIL – Raises a protocol anomaly if IDP detects an SMTP message with a domain name containing more bytes than the specified maximum. The default is 64 bytes.

Maximum Path length in RCPT and MAIL – Raises a protocol anomaly if IDP detects an SMTP message with a pathname containing more bytes than the specified maximum. The default is 256 bytes.

Maximum Command line length (before DATA) – Raises a protocol anomaly if IDP detects an SMTP message with a command-line entry containing more bytes than the specified maximum. The default is 1024 bytes.

Maximum Reply line length from server (default) – Raises a protocol anomaly if IDP detects an SMTP message with a reply line from the server containing more bytes than the specified maximum. The default is 512 bytes.

Maximum Text line length (after DATA) – Raises a protocol anomaly if IDP detects an SMTP text line containing more bytes than the specified maximum. The default is 1024 bytes.

Maximum number of nested mime multi-part attachments – Raises a protocol anomaly if IDP detects more nested attachments than the specified maximum. The default is 4 nested mime multi-part attachments.

Maximum number of base-64 bytes to decode – Raises a protocol anomaly if IDP detects more bytes of encoded mime data than the specified maximum. The default is 64 bytes.

Maximum length of the value for content-type's name attribute – Raises a protocol anomaly if IDP detects a name attribute in the content-type header containing more bytes than the specified maximum. The default is 128 bytes.

Maximum length of the value for the content-disposition's filename attribute – Raises a protocol anomaly if IDP detects a filename attribute in the content-disposition header containing more bytes than the specified maximum. The default is 128 bytes.

Look for email headers in message data – Controls whether IDP looks for e-mail headers in the message data, which can occur when a bounced email contains an attachment. This setting is not enabled by default.

Setting: SYSLOG

Description:

Validate RFC-3164 compliant timestamp format – If selected, the security module checks the timestamp in syslog traffic to ensure that it is compliant with RFC 3164. If the timestamp is not compliant, the security module considers the traffic a possible anomaly. This setting is not enabled by default.

Setting: TELNET

Description:

Maximum number of login failures per-minute – Raises a BRUTE_FORCE protocol anomaly if IDP detects more login failures than the specified maximum. The default is 4 TELNET login failures per minute.

Setting: TFTP

Description:

Maximum Filename length – Raises a protocol anomaly if IDP detects a filename containing more bytes than the specified maximum. The default is 128 bytes.
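
As an added example (not Juniper's code and not part of the original manual), the following Python applies the SMTP envelope defaults from the table above to a constructed session, showing which command each threshold measures. How IDP itself splits a path into username and domain, and the exclusion of the CRLF terminator from the command-line length, are assumptions; `check_envelope`, `DEFAULTS` and the sample addresses are hypothetical names.

```python
import re

# Defaults from the SMTP rows of Table 51 (lengths in bytes).
DEFAULTS = {"recipients": 100, "username": 256, "domain": 64,
            "path": 256, "command_line": 1024}

# Path argument of MAIL FROM:<...> and RCPT TO:<...>.
PATH_RE = re.compile(rb"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)


def check_envelope(lines, limits=DEFAULTS):
    """Return (line_number, anomaly) pairs for client commands sent before DATA."""
    anomalies = []
    recipients = 0
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip(b"\r\n")  # assumption: CRLF is not counted
        if line.upper() == b"DATA":
            break  # text-line and MIME limits apply after DATA; not modelled here
        if len(line) > limits["command_line"]:
            anomalies.append((number, "command line too long"))
        match = PATH_RE.match(line)
        if not match:
            continue
        verb, path = match.group(1).upper(), match.group(2)
        # Assumption: username is the text before the last "@", domain the text after.
        username, at, domain = path.rpartition(b"@")
        if not at:
            username, domain = path, b""
        for field, value in (("username", username), ("domain", domain), ("path", path)):
            if len(value) > limits[field]:
                anomalies.append((number, field + " too long"))
        if verb == b"RCPT TO":
            recipients += 1
            if recipients == limits["recipients"] + 1:  # report the first excess only
                anomalies.append((number, "too many recipients"))
    return anomalies


# Constructed session: one over-long domain, one over-long username (and path).
SAMPLE = [
    b"EHLO client.example\r\n",
    b"MAIL FROM:<alice@example.com>\r\n",
    b"RCPT TO:<bob@" + b"d" * 65 + b">\r\n",
    b"RCPT TO:<" + b"u" * 257 + b"@example.org>\r\n",
    b"DATA\r\n",
]

if __name__ == "__main__":
    for number, anomaly in check_envelope(SAMPLE):
        print(f"line {number}: {anomaly}")
```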
Copyright © 2010, Juniper Networks, Inc.
