Table of Contents
Advertisement
Network and Security Manager Administration Guide
352
instead of packet reduces the amount of traffic the security device needs to monitor,
which improves performance.
Select stream context to reassemble packets and extract the data to search for a
pattern match. However, a security device does not recognize packet boundaries for
stream contexts, so data for multiple packets is combined. Select this option only
when no other context option contains the attack.
Select stream 256 context to reassemble packets and search for a pattern match
within the first 256 bytes of a traffic stream. When the flow direction is set to any, the
security device checks the first 256 bytes of both the STC and CTS flows. If you know
that the attack signature will appear in the first 256 bytes of a session, choosing stream
256 instead of stream reduces the amount of traffic that the security device must
monitor and cache, improving performance.
Select line context to detect a pattern match within a specific line within your network
traffic.
Configuring Attack Direction
Select the connection direction of the attack. Using single direction (instead of Any)
improves performance, reduces false positives, and increases detection accuracy:
Client to Server (detects the attack only in client-to-server traffic)
Server to Client (detects the attack only in server-to-client traffic)
Any (detects the attack in either direction)
Configuring Attack Flows
Select the connection flow of the attack. Using a single flow (instead of Both) improves
performance and increases detection accuracy.
Control (detects the attack in the initial connection that is established persistently to
issue commands, requests, and so on.)
Auxiliary (detects the attack in the response connection established intermittently to
transfer requested data)
Both (detects the attack in the initial and response connections)
After you finish entering the attack detection properties for the attack type, click Next to
configure the attack IP settings and protocol headers.
Configuring Header Match Properties
Specify specific values and options that exist within the header of the attack packet.
NOTE: You can configure header values only for attack objects that use a packet or
first packet context. If you selected a line, stream, stream 256, or a service context (in
the Detection tab) you cannot specify header contents.
If you are unsure of the options or flag settings for the malicious packet, leave all fields
blank and the security device attempts to match the signature for all header contents.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
