Table of Contents
Advertisement
Copyright © 2010, Juniper Networks, Inc.
For each value you enter, you must specify the relational or equality operator. Table 38
on page 351 lists DI attack header match modifiers.
Table 38: DI Attack Header Match Modifiers
Modifier
Meaning
==
equal to
!=
not equal to
>
greater than
<
less than
Additionally, for each flag you must specify whether or not a flag is configured (none),
the flag is set (set), or the flag is not set (unset).
Configure IP Header Matches
For attacks that use IP and a packet context, you can go to the IP tab to set values for
the IP fields and flags listed below. Note that in the IP header match GUI, you can select
either IPv4 or IPv6, but if you select IPv6, you can configure a new ICMPv6 header match
in the Protocol header along with existing TCP and UDP protocols. IPv4 and IPv6 header
matches cannot coexist in a single attack definition. IPv6–enabled attacks are supported
only on ISG1000 with SM and ISG2000 with SM devices.
Type of Service—Specify an operand (none, =, !, >, <) and a decimal value for the
service type. Common service types are:
0000 Default
0001 Minimize Cost
0002 Maximize Reliability
0003 Maximize Throughput
0004 Minimize Delay
0005 Maximize Security
Total Length—Specify an operand (none, =, !, >, <) and a decimal value for the number
of bytes in the packet, including all header fields and the data payload.
ID—Specify an operand (none, =, !, >, <) and a decimal value for the unique value used
by the destination system to reassemble a fragmented packet.
Time to Live—Specify an operand (none, =, !, >, <) and a decimal value for the
time-to-live (TTL) value of the packet. This value represents the number of routers
the packet can pass through. Each router that processes the packet decrements the
TTL by 1; when the TTL reaches 0, the packet is discarded.
Protocol—Specify an operand (none, =, !, >, <) and a decimal value for the protocol
used.
Chapter 8: Configuring Objects
351
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper 200 Series
Need help?
Do you have a question about the NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 and is the answer not in the manual?
Questions and answers