Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual page 91

Configuring intrusion detection and prevention devices guide

Copyright © 2010, Juniper Networks, Inc.

NOTE: The IP tab specifies the contents of the IP header in a malicious packet. You cannot specify IP header contents if you selected a line, stream, stream 256, or a service context in the Attack Patterns tab.

TIP: If you are unsure of the IP flags and IP fields for the malicious packet, leave all fields blank. If no values are set, IDP attempts to match the signature for all IP header contents.

Table 42: Custom Attack: IP Settings and Header Matches

| Setting | Description |
| --- | --- |
| Type of Service | Enter the service type. Common service types are: 0000 Default; 0001 Minimize Cost; 0002 Maximize Reliability; 0003 Maximize Throughput; 0004 Minimize Delay; 0005 Maximize Security. |
| Total Length | Enter the number of bytes in the packet, including all header fields and the data payload. |
| ID | Enter the unique value used by the destination system to reassemble a fragmented packet. |
| Time-to-live | Enter the time-to-live (TTL) value of the packet. This value represents the number of routers the packet can pass through. Each router that processes the packet decrements the TTL by 1; when the TTL reaches 0, the packet is discarded. |
| Protocol | Enter the protocol used in the attack. |
| Source | Specify the IP address of the attacking device. |
| Destination | Specify the IP address of the attack target. |
| RB | Reserved bit. Specifies that IDP looks for a pattern match whether or not the IP flag is set (none), only if the flag is set (set), or only if the flag is not set (unset). |
| MF | More fragments. Specifies that IDP looks for a pattern match whether or not the IP flag is set (none), only if the flag is set (set), or only if the flag is not set (unset). |
| DF | Don't fragment. Specifies that IDP looks for a pattern match whether or not the IP flag is set (none), only if the flag is set (set), or only if the flag is not set (unset). |
5. If you selected TCP for Service Binding and packet or first-data-packet as the Context, click the Protocols tab, select TCP packet header fields, and configure TCP Header Match settings as described in Table 43 on page 76.
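
The matching semantics of Table 42 (blank fields match anything; each IP flag is none, set, or unset), sketched in Python as an added example. This is not Juniper's code or the IDP matching engine; the function names, the spec dictionary keys, the equality-only comparison of non-flag fields, and the constructed sample header are assumptions made for illustration.

```python
import ipaddress
import struct

FLAG_BITS = {"rb": 0x8000, "df": 0x4000, "mf": 0x2000}  # top 3 bits of flags/fragment word

def parse_ipv4_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header into the fields listed in Table 42."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    _, tos, length, ident, frag, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    fields = {"tos": tos, "total_length": length, "id": ident, "ttl": ttl,
              "protocol": proto, "source": ipaddress.IPv4Address(src),
              "destination": ipaddress.IPv4Address(dst)}
    fields.update({name: bool(frag & bit) for name, bit in FLAG_BITS.items()})
    return fields

def header_matches(fields: dict, spec: dict) -> bool:
    """Return True if every non-blank setting in spec agrees with the header.

    A missing key or None is a blank field and matches anything (the page's TIP).
    Flags take "none", "set" or "unset"; other settings are compared for equality,
    which is a simplification assumed for this example.
    """
    for name, want in spec.items():
        if want is None:
            continue
        if name in FLAG_BITS:
            if want not in ("none", "set", "unset"):
                raise ValueError(f"bad flag state for {name}: {want!r}")
            if want != "none" and fields[name] != (want == "set"):
                return False
        elif name in ("source", "destination"):
            if fields[name] != ipaddress.IPv4Address(want):
                return False
        elif fields[name] != want:
            return False
    return True

# Constructed sample header: first fragment (MF set, DF clear), TTL 64, protocol 6 (TCP),
# documentation addresses 192.0.2.10 -> 198.51.100.20, checksum left at 0.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1C46, 0x2000, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)

if __name__ == "__main__":
    hdr = parse_ipv4_header(SAMPLE)
    print(header_matches(hdr, {"mf": "set", "df": "unset", "protocol": 6}))
    print(header_matches(hdr, {"df": "set"}))
```

An empty spec matches every header, which is why a signature with all IP fields left blank relies entirely on its attack pattern for precision.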
Chapter 5: Working with Attack Objects