Configuring A Protocol Anomaly Attack Object - Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual

Configuring a Protocol Anomaly Attack Object

Copyright © 2010, Juniper Networks, Inc.
SYN—When set, the SYN flag indicates a request for a new session.
FIN—When set, the final flag indicates that the packet transfer is complete and the
connection can be closed.
R1—This reserved bit (1 of 2) is not used.
R2—This reserved bit (2 of 2) is not used.
UDP Headers
For attacks that use UDP and a packet context, in the Protocol tab, select UDP Packet
Header Fields from the TCP/UDP/ICMP Header Matches menu, then set values for the
following UDP fields:
Source Port—Specify an operand (none, =, !, >, <) and a decimal value for the port
number on the attacking device.
Destination Port—Specify an operand (none, =, !, >, <) and a decimal value for the port
number of the attack target.
Data Length—Specify an operand (none, =, !, >, <) and a decimal value for the number
of bytes in the data payload.
ICMP Headers
For attacks that use ICMP and a packet context, in the Protocol tab, select ICMP Packet
Header Fields from the TCP/UDP/ICMP Header Matches menu, then set values for the
following ICMP fields:
ICMP Type—Specify an operand (none, =, !, >, <) and a decimal value for the primary
code that identifies the function of the request/reply.
ICMP Code—Specify an operand (none, =, !, >, <) and a decimal value for the secondary
code that identifies the function of the request/reply within a given type.
Sequence Number—Specify an operand (none, =, !, >, <) and a decimal value for the
sequence number of the packet. This number identifies the location of the request/reply
in relation to the entire sequence.
ICMP ID—Specify an operand (none, =, !, >, <) and a decimal value for the identification
number, a unique value used by the destination system to associate requests and
replies.
Data Length—Specify an operand (none, =, !, >, <) and a decimal value for the number
of bytes in the data payload.
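The following added example (not code from this guide or from NSM) shows how the UDP and ICMP header conditions above can be evaluated against raw packet bytes when checking a custom attack object's logic offline. The field names, the reading of "none" as "ignore this field" and "!" as "not equal", and the AND combination of conditions are assumptions; the sample packets are constructed.

```python
import struct

# Assumed operand semantics: "none" ignores the field, "!" means not equal.
OPS = {
    "none": lambda actual, value: True,
    "=": lambda actual, value: actual == value,
    "!": lambda actual, value: actual != value,
    ">": lambda actual, value: actual > value,
    "<": lambda actual, value: actual < value,
}

def parse_udp(segment: bytes) -> dict:
    """Decode the 8-byte UDP header; data length is the payload byte count."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, _length, _csum = struct.unpack("!HHHH", segment[:8])
    return {"source_port": sport, "destination_port": dport,
            "data_length": len(segment) - 8}

def parse_icmp(message: bytes) -> dict:
    """Decode an ICMP header laid out like echo/echo reply (ID and sequence present)."""
    if len(message) < 8:
        raise ValueError("truncated ICMP header")
    itype, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"icmp_type": itype, "icmp_code": code, "icmp_id": ident,
            "sequence_number": seq, "data_length": len(message) - 8}

def header_matches(fields: dict, conditions: dict) -> bool:
    """True only if every configured (operand, value) condition holds (assumed AND)."""
    return all(OPS[op](fields[name], value)
               for name, (op, value) in conditions.items())

# Constructed samples: a UDP datagram to port 53 with a 600-byte payload,
# and an ICMP echo request (type 8, code 0) with a 1200-byte payload.
UDP_SAMPLE = struct.pack("!HHHH", 40000, 53, 608, 0) + b"\x00" * 600
ICMP_SAMPLE = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 7) + b"A" * 1200

# Hypothetical header conditions, written as field -> (operand, decimal value).
OVERSIZED_DNS = {"source_port": ("none", 0), "destination_port": ("=", 53),
                 "data_length": (">", 512)}
LARGE_ECHO = {"icmp_type": ("=", 8), "icmp_code": ("=", 0),
              "data_length": (">", 1024)}

if __name__ == "__main__":
    print(header_matches(parse_udp(UDP_SAMPLE), OVERSIZED_DNS))
    print(header_matches(parse_icmp(ICMP_SAMPLE), LARGE_ECHO))
```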
A protocol anomaly attack object locates unknown or sophisticated attacks that violate
protocol specifications (RFCs and common RFC extensions). You cannot create new
protocol anomalies, but you can configure a custom attack object that controls how the
security device handles a predefined protocol anomaly when detected.
Chapter 8: Configuring Objects
