Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1 Manual page 71

Configuring intrusion detection and prevention devices guide

Copyright © 2010, Juniper Networks, Inc.
Chapter 4: Configuring Security Policies

Table 33: Network Honeypot Rulebase Rule Properties (continued)

Option: Impersonate > Destination
Function: Specifies the address object that is the destination of the traffic, typically a server or other device on your network.
Your Action: Select the destination object.
NOTE: You can also negate one or more address objects to specify all destinations except the excluded object.

Option: Impersonate > Service
Function: Specifies the services running on your network.
Your Action: Select the services you want to monitor.

Option: Operation
Function: Specifies whether or not IDP fakes open ports.
Your Action: Select any of the following options:
- Ignore—This option allows free passage on your network when creating rules for trusted traffic.
- Impersonate—IDP creates a fake port open to the public based on the destination IP addresses and service you selected.

Option: IP Action
Function: Allows you to log, drop, or close the current connection for each attack that matches a rule.
Your Action: Select Configure to do any one of the following actions:
- Enabled—Enable IP actions.
- Action—Specifies the action you want the IDP to take.
- Block—Specifies which parameters IDP will use to close or block further connections from the drop-down list.
- Logging—Specifies the log action for a matching event.
- Timeout (sec)—Specifies the number of seconds that this action remains in effect on IDP after a traffic match.

Option: Notification
Function: Allows you to create log records with attack information that you can view real-time in the Log Viewer.
NOTE: For more critical attacks, you can also set an alert flag to appear in the log record.
Your Action: Select Configure to create log records.
NOTE: The Configure menu option does not appear if the Mode column is set to None.
- Select Logging to have a log record created each time the rule is matched.
- Select Alert to have an alert flag placed in the Alert column of the Log Viewer for the matching log record.
- In the Log Actions tab, select desired log actions, if any.