Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 719

Copyright © 2010, Juniper Networks, Inc.
Table 60: Attack Counters (continued)
| Item | Description |
|---|---|
| IP Sweep | Also called an address sweep attack, an IP sweep is similar to a port scan attack. It occurs when an attacker sends ICMP echo requests (or pings) to different destination addresses hoping that one will reply, thus uncovering an address to a target. If a remote host pings 10 addresses in 0.3 seconds, the security device flags this as an address sweep attack and drops the connection. |
| Block Java/ActX | Malicious Java or ActiveX components can be hidden in Web pages. When downloaded, these applets install a Trojan horse on your computer. Similarly, Trojan horses can be hidden in compressed files such as .zip, .gzip, .tar, and executable (.exe) files. |
| SYN Frag | A SYN fragment attack floods the target host with SYN packet fragments. The host catches the fragments, waiting for the remaining packets to arrive so it can reassemble them. When a server or host is flooded with connections that cannot be completed, the host's memory buffer eventually fills. No further connections are possible, and damage to the host's operating system can occur. The security device drops ICMP packets when the protocol field indicates ICMP packets, and the fragment flag is set to 1 or an offset is indicated. |
| TCP no Flag | TCP packet that does not have any bits set in the flags. |
| Unknown Prot | The security device drops packets where the protocol field is set to 101 or greater. These protocol types are reserved and undefined at this time. |
| Bad IP Opt | Triggered when the list of IP options in the IP datagram header is incomplete or malformed. |
| IP Rec Route | The security device blocks packets where the IP option is 7 (Record Route). This option is used to record the route of a packet. A recorded route is composed of a series of Internet addresses, which an outsider can analyze to learn details about your network's addressing scheme and topology. |
| IP Timestamp | The security device blocks packets where the IP option list includes option 4 (Internet Timestamp). |
| IP Security | This option provides a way for hosts to send security, compartmentation, TCC (closed user group) parameters, and Handling Restriction Codes compatible with DOD requirements. |
| IP Loose Src | The security device blocks packets where the IP option is 3 (Loose Source Routing). This option provides a means for the source of a packet to supply routing information to be used by the gateways in forwarding the packet to the destination. This option is a loose source route because the gateway or host IP is allowed to use any route of any number of other intermediate gateways to reach the next address in the route. |
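
The following is an added example, not taken from the Juniper guide and not the security device's own logic: Python that parses an IPv4 header and reports which header-based counters from the table (Unknown Prot, Bad IP Opt, IP Rec Route, IP Timestamp, IP Security, IP Loose Src) a packet would match. The function names and sample addresses are constructed for illustration, and the mapping of option-type bytes 7, 68, 130 and 131 to the table's option numbers 7, 4, 2 (assumed for IP Security) and 3 follows the standard IPv4 option encoding.

```python
import struct

# Full option-type bytes; the low five bits are the option number the table cites.
OPTION_COUNTERS = {
    7: "IP Rec Route",     # option number 7
    68: "IP Timestamp",    # option number 4 (class 2)
    130: "IP Security",    # option number 2 (assumed mapping for this counter)
    131: "IP Loose Src",   # option number 3
}

def classify_ip_header(packet: bytes) -> list[str]:
    """Return the Table 60 counter names an IPv4 header would match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("truncated IPv4 header")
    hits = []
    if packet[9] >= 101:                      # protocol threshold stated in the table
        hits.append("Unknown Prot")
    options = packet[20:header_len]
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:                     # End of Option List
            break
        if opt_type == 1:                     # No-Operation, a single byte
            i += 1
            continue
        # Every other option has a length byte covering type + length + data.
        opt_len = options[i + 1] if i + 1 < len(options) else 0
        if opt_len < 2 or i + opt_len > len(options):
            hits.append("Bad IP Opt")         # incomplete or malformed option list
            break
        name = OPTION_COUNTERS.get(opt_type)
        if name and name not in hits:
            hits.append(name)
        i += opt_len
    return hits

def build_header(protocol: int, options: bytes = b"") -> bytes:
    """Construct a sample IPv4 header (checksum left at zero) for testing."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, protocol, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
```

The same function can be run over headers extracted from a packet capture to see which counters a given traffic sample would be expected to increment.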
Chapter 17: Realtime Monitoring