Specifying Rule Ip Action - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual

Configuring intrusion detection and prevention devices guide

Chapter 4: Configuring Security Policies
Copyright © 2010, Juniper Networks, Inc.

Table 24: IDP Rulebase Actions: Recommended Actions by Severity (continued)

| Severity | Description | Recommended Action |
|---|---|---|
| Info | Attacks are normal, harmless traffic containing URLs, DNS lookup failures, and SNMP public community strings. You can use informational attack objects to obtain information about your network. | None |

NOTE: Our severity rating is not based on CVSS (Common Vulnerability Scoring System). We do include data from Bugtraq (Symantec) and CVE (Common Vulnerabilities and Exposures).

Specifying Rule IP Action

If the IDP device matches an attack, it can take action not only against the current session but also against future network traffic that uses the same IP address. Such actions are called IP actions. By default, the specified IP action is permanent (timeout = 0). If you prefer, you can set a timeout.

To specify an IP action, right-click the table cell and configure options.

Table 25 on page 41 describes IDP rulebase IP actions.

Table 25: IDP Rulebase IP Actions

| IP Action | Description |
|---|---|
| IP Block | IDP blocks the matching connection and future connections that match combinations of the following properties you specify: Source IP address, Source subnet, Protocol, Destination IP Address, Destination Subnet, Destination Port, From Zone |
| IP Close | IDP closes the matching connection and future connections that match combinations of the following properties you specify: Source IP address, Source subnet, Protocol, Destination IP Address, Destination Subnet, Destination Port, From Zone |
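The following is an added illustration, not Juniper's implementation or NSM configuration syntax: a small model of how the chosen combination of Table 25 properties and the timeout decide which future connections an IP action affects. The class, function and field names, the /24 subnet prefix and the timeout unit (seconds) are assumptions; the model covers only matching, not how IP Block and IP Close treat the connection.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:  # fields follow the properties listed in Table 25
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str
    from_zone: str

def scope_key(s, scope, prefix=24):
    """Project a session onto the selected properties (prefix length is assumed)."""
    net = lambda ip: str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
    values = {
        "src_ip": s.src_ip, "src_subnet": net(s.src_ip), "protocol": s.protocol,
        "dst_ip": s.dst_ip, "dst_subnet": net(s.dst_ip), "dst_port": s.dst_port,
        "from_zone": s.from_zone,
    }
    return tuple((name, values[name]) for name in sorted(scope))

class IpActionTable:
    def __init__(self, scope, timeout=0):
        self.scope = frozenset(scope)
        self.timeout = timeout  # 0 = permanent (page default); seconds are assumed
        self.entries = {}       # scope key -> expiry time, or None if permanent

    def attack_matched(self, s, now):
        expiry = None if self.timeout == 0 else now + self.timeout
        self.entries[scope_key(s, self.scope)] = expiry

    def is_affected(self, s, now):
        key = scope_key(s, self.scope)
        if key not in self.entries:
            return False
        expiry = self.entries[key]
        if expiry is not None and now >= expiry:
            del self.entries[key]  # timed-out entry no longer applies
            return False
        return True

# Constructed sample sessions (documentation address ranges).
ATTACK = Session("203.0.113.7", "198.51.100.20", 80, "tcp", "untrust")
SAME_HOST_OTHER_PORT = Session("203.0.113.7", "198.51.100.20", 443, "tcp", "untrust")
NEIGHBOUR = Session("203.0.113.99", "198.51.100.21", 22, "tcp", "untrust")

narrow = IpActionTable({"src_ip", "dst_ip", "dst_port", "protocol"})  # permanent
wide = IpActionTable({"src_subnet"}, timeout=300)
for table in (narrow, wide):
    table.attack_matched(ATTACK, now=0)
```

In this model the narrow, permanent entry never touches the same host on another port, while the subnet-scoped entry also catches an unrelated neighbour in the same /24 until the timeout expires.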
