Configuring Services For Idp Rules - Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual


Copyright © 2010, Juniper Networks, Inc.
- JUMBO FRAME or IPv6 mode is not supported.
- SYN Proxy or First UDP packet with fragment is not supported.
- Vsys is not supported.

Configuring Services for IDP Rules

Services are application layer protocols that define how data is structured as it travels
across the network. Because the services you support on your network are the same
services that attackers must use to attack your network, you can specify which services
are supported by the destination IP to make your rule more efficient.
NOTE: All services rely on a transport layer protocol to transmit data. IDP includes
services that use TCP, UDP, RPC, and ICMP transport layer protocols.
Service objects represent the services running on your network. NSM includes predefined
service objects that are based on industry-standard services. You use these service
objects in rules to specify the service an attack uses to access your network. You can
also create custom service objects to represent protocols that are not included in the
predefined services.
In the Service column you select the service of the traffic you want IDP to match:
- Select Default to accept the service specified by the attack objects you select in the
  Attacks column. When you select an attack object in the Attacks column, the service
  associated with that attack object becomes the default service for the rule. To see the
  exact service, view the attack object details.
- Select Any to match any service.
- Select Service to choose specific services from the list of defined service objects.
For example, you want to protect your FTP server from FTP attacks. Set the service to
Default, and add an attack object that detects FTP buffer overflow attempts. The Service
column in the rule still displays "Default", but the rule actually uses the default service of
TCP-FTP, which is specified in the attack object.
Another example: your mail server supports POP3 and SMTP connections but not IMAP. Set
the POP3 and SMTP service objects as the services that can be used to attack that server.
Because IMAP is not supported, you do not need to add the IMAP service object.
If you are supporting services on nonstandard ports, you should choose a service other
than Default.
For example, you use a nonstandard port (8080) for your HTTP services. Use the Object
Manager to create a custom service object on port 8080. Add this service object to your
rule, then add several HTTP attack objects, which have a default service of TCP/80. IDP
uses the specified service, HTTP-8080, instead of the default, and looks for matches to the
HTTP attacks in TCP traffic on port 8080.
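The following is an added model, not Juniper code and not part of this guide, of how the Service column setting determines which traffic a rule inspects. It walks through the three cases above (FTP server with Default, mail server with explicit POP3/SMTP, HTTP on port 8080 with a custom service object). The service object names and ports, the attack object names, and the `IdpRule`/`inspects_flow` API are all assumptions made for the example; only the Default/Any/Service semantics come from the text.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass(frozen=True)
class ServiceObject:
    """A service object: transport protocol plus destination port (None for ICMP)."""
    name: str
    transport: str              # "tcp", "udp", "rpc" or "icmp"
    port: Optional[int] = None


# Constructed subset of predefined service objects (names and ports assumed for this example).
PREDEFINED = {
    "TCP-FTP": ServiceObject("TCP-FTP", "tcp", 21),
    "HTTP": ServiceObject("HTTP", "tcp", 80),
    "POP3": ServiceObject("POP3", "tcp", 110),
    "SMTP": ServiceObject("SMTP", "tcp", 25),
    "IMAP": ServiceObject("IMAP", "tcp", 143),
}


def custom_service(name: str, transport: str, port: int) -> ServiceObject:
    """Stand-in for creating a custom service object in the Object Manager."""
    return ServiceObject(name, transport, port)


@dataclass(frozen=True)
class AttackObject:
    """An attack object carries the service it expects (its default service)."""
    name: str
    default_service: ServiceObject


@dataclass
class IdpRule:
    service_setting: str                        # "Default", "Any" or "Service"
    attacks: List[AttackObject]
    services: List[ServiceObject] = field(default_factory=list)

    def effective_services(self) -> Optional[Set[ServiceObject]]:
        """Services the rule actually inspects; None means any service."""
        if self.service_setting == "Any":
            return None
        if self.service_setting == "Default":
            # The column still shows "Default"; the attack objects supply the service.
            return {a.default_service for a in self.attacks}
        if self.service_setting == "Service":
            if not self.services:
                raise ValueError("Service setting needs at least one service object")
            # Explicit service objects override the attack objects' default service.
            return set(self.services)
        raise ValueError(f"unknown service setting: {self.service_setting}")

    def inspects_flow(self, transport: str, dst_port: Optional[int]) -> bool:
        """True if traffic with this transport/port is examined for the rule's attacks."""
        services = self.effective_services()
        if services is None:
            return True
        return any(
            s.transport == transport and (s.port is None or s.port == dst_port)
            for s in services
        )


# Worked cases from the text; attack object names are constructed placeholders.
ftp_overflow = AttackObject("EXAMPLE-FTP-OVERFLOW", PREDEFINED["TCP-FTP"])
http_attack = AttackObject("EXAMPLE-HTTP-ATTACK", PREDEFINED["HTTP"])

ftp_rule = IdpRule("Default", [ftp_overflow])                          # resolves to TCP-FTP
mail_rule = IdpRule("Service", [], [PREDEFINED["POP3"], PREDEFINED["SMTP"]])
http_8080_rule = IdpRule("Service", [http_attack],
                         [custom_service("HTTP-8080", "tcp", 8080)])   # overrides TCP/80
http_default_rule = IdpRule("Default", [http_attack])                  # stays on TCP/80

if __name__ == "__main__":
    for label, rule, port in [("ftp", ftp_rule, 21), ("imap", mail_rule, 143),
                              ("http-8080", http_8080_rule, 8080), ("http-80", http_8080_rule, 80)]:
        print(f"{label:10} tcp/{port}: inspected={rule.inspects_flow('tcp', port)}")
```

The point the model makes explicit is the one that is easy to miss in the GUI: with Default the rule's service is whatever the chosen attack objects say it is, so HTTP attack objects on a Default rule never see port 8080 traffic until a custom service object is added and the column is switched to Service.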
Chapter 9: Configuring Security Policies
461
