Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 514

Network and Security Manager Administration Guide
Table 41: IDP Rule Actions (continued)

Action: Description

Drop Packet: IDP drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source IP address.
Depending on the protocol in use and its mode, IDP behaves differently when you define this rule.
- If using UDP in the inline mode, the IDP drops the packet whereas it dismisses the action if functioning in the inline tap mode.
- If using TCP, in the inline mode, the IDP drops the connection. In the inline tap mode, though the connection is dropped, the attack packet might still have got through.

Drop Connection: IDP drops the connection without sending a RST packet to the sender, preventing the traffic from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
Depending on the protocol in use and its mode, IDP behaves differently when you define this rule.
- If using UDP in the inline mode, the IDP drops the session. In the inline tap mode, the session is dropped but the attack packet would have been let through.
- If using TCP in the inline mode, the IDP drops the connection. In the inline tap mode, the IDP drops the connection but the attack packet might have got through.

Close Client: IDP closes the connection to the client, but not to the server.

Close Server: IDP closes the connection to the server, but not to the client.

Close Client and Server: IDP closes the connection and sends a RST packet to both the client and the server. If IDP is operating in inline tap mode, IDP sends a RST packet to both the client and server but does NOT close the connection.

Diffserv Marking: IDP assigns the service differentiation value indicated to the packet, then passes it on normally. The value is set in the dialog that appears when you select this action in the rulebase.

Recommended: IDP takes the action recommended by Juniper Networks. With IDP 4.1 and later, attack objects have a recommended action associated with them. If a packet triggers more than one attack object, IDP applies the most secure of the recommended actions. Available with IDP 4.1 and later.
This setting has no meaning for IDP 4.0 or earlier. Rules with this setting will not be loaded onto devices running earlier versions of IDP.

Copyright © 2010, Juniper Networks, Inc.
