Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 56

Configuring intrusion detection and prevention devices guide

Table 23: IDP Rulebase Actions

| Action | Description |
|---|---|
| Recommended | Predefined attack objects include a recommended action. The recommended action is related to severity. Table 24 on page 40 lists the recommended actions by severity. |
| None | IDP inspects for attacks but takes no action against the connection if an attack is found. |
| Ignore | IDP does not inspect for attacks and ignores the connection. |
| Diffserv Marking | IDP assigns the indicated service-differentiation value to the packet, and then passes it on normally. Set the service-differentiation value in the dialog box that appears when you select this action in the rulebase. NOTE: The marking has no effect in sniffer mode. |
| Drop Packet | IDP drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a DoS that prevents you from receiving traffic from a legitimate source address. |
| Drop Connection | IDP drops the connection without sending an RST packet to the sender, preventing the traffic from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing. |
| Close Client and Server | IDP closes the connection and sends an RST packet to both the client and the server. If IDP is in sniffer mode, IDP sends an RST packet to both the client and server but does not close the connection. |
| Close Client | IDP closes the connection to the client but not to the server. |
| Close Server | IDP closes the connection to the server but not to the client. |

Table 24 on page 40 describes the logic applied to the value Recommended, a setting coded in predefined attack objects provided by Juniper Networks Security Center.

Table 24: IDP Rulebase Actions: Recommended Actions by Severity

| Severity | Description | Recommended Action |
|---|---|---|
| Critical | Attacks attempt to evade an IPS, crash a machine, or gain system-level privileges. | Drop Packet, Drop Connection |
| Major | Attacks attempt to crash a service, perform a denial of service, install or use a Trojan, or gain user-level access to a host. | Drop Packet, Drop Connection |
| Minor | Attacks attempt to obtain critical information through directory traversal or information leaks. | None |
| Warning | Attacks attempt to obtain noncritical information or scan the network. They can also be obsolete (but probably harmless) attack traffic. | None |

Copyright © 2010, Juniper Networks, Inc.
