Configuring A Blacklisted Entry (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring a Blacklisted Entry (NSM Procedure)

Copyright © 2010, Juniper Networks, Inc.
Network traffic is categorized as critical or noncritical. Critical traffic includes
management traffic such as Telnet and SSH. When a DoS attack occurs, CPU usage
increases; when it reaches the throttling threshold, the device starts dropping noncritical
traffic, which is not blacklisted. To prevent this, you can configure the security device to
drop malicious packets within the device that processed them. To do so, you create a
blacklist with the source and destination network addresses from which malicious
traffic reaches the security device.

When a packet reaches the security device, it is checked against the list of
configured blacklisted entries. If a match occurs, the device drops the packet. If the
packet does not match any blacklisted entry, the device passes it to the next
stage, which prioritizes the packet. For each entry in the blacklist, the security device
maintains a drop counter that records the number of packets dropped against that entry.
Related Documentation
- Device Configuration Settings Overview
- Enabling ALGs (NSM Procedure)
- Understanding Device Configurations Running ScreenOS 5.4 FIPS and Later Overview
To configure a blacklisted entry:
1. In the NSM navigation tree, click Device Manager > Devices.
2. Select an ISG1000, ISG2000, NetScreen–5200, or NetScreen–5400 device.
3. Click the Edit icon to edit the device. The Device dialog box for the selected device appears.
4. In the device navigation tree, click Advanced > CPU > Blacklist/Throttling Threshold. Click the Add icon. The New Blacklist Entry dialog box appears.
5. Modify the settings as described in Table 11. Click OK.
Table 11: Blacklist Configuration Fields

| Field | Description |
| --- | --- |
| ID | The ID of the blacklist is generated automatically. |
| Source IP | The source IP address from which the DoS attack traffic originated. |
| Destination IP | The destination IP address. |
| Source Port | The source port in a TCP or UDP session. Set this to 0 to match all ports. |
| Destination Port | The destination port in a TCP or UDP session. Set this to 0 to match all ports. |
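The matching behavior described above, modeled in Python as an added example (this is not Juniper or NSM code). It shows how the port value 0 in Table 11 acts as a wildcard and how each entry keeps its own drop counter. Assumptions: the first matching entry takes the drop, the IP fields may hold a prefix as well as a single address, and all addresses and packets are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class BlacklistEntry:
    entry_id: int      # generated automatically on the device; set by hand here
    src_ip: str        # single address or prefix (prefix support is an assumption)
    dst_ip: str
    src_port: int = 0  # 0 matches all ports, as in Table 11
    dst_port: int = 0
    drops: int = 0     # per-entry drop counter

    def matches(self, src, dst, sport, dport):
        src_net = ipaddress.ip_network(self.src_ip, strict=False)
        dst_net = ipaddress.ip_network(self.dst_ip, strict=False)
        return (ipaddress.ip_address(src) in src_net
                and ipaddress.ip_address(dst) in dst_net
                and self.src_port in (0, sport)
                and self.dst_port in (0, dport))

def check_packet(blacklist, src, dst, sport, dport):
    """Return 'drop' and bump the matching entry's counter, else 'pass'."""
    for entry in blacklist:  # first match wins (assumption)
        if entry.matches(src, dst, sport, dport):
            entry.drops += 1
            return "drop"
    return "pass"  # packet goes on to the prioritization stage

def run_sample():
    # Constructed entries: one pinned to destination port 53, one with both ports 0.
    blacklist = [
        BlacklistEntry(1, "198.51.100.7", "192.0.2.10", 0, 53),
        BlacklistEntry(2, "203.0.113.0/24", "192.0.2.10"),
    ]
    # Constructed packets: (source IP, destination IP, source port, destination port)
    packets = [
        ("198.51.100.7", "192.0.2.10", 40000, 53),  # entry 1: any source port
        ("198.51.100.7", "192.0.2.10", 40001, 80),  # destination port differs
        ("203.0.113.99", "192.0.2.10", 1234, 22),   # entry 2: both ports wildcarded
        ("203.0.113.5", "192.0.2.11", 1234, 22),    # destination IP differs
        ("198.51.100.7", "192.0.2.10", 5353, 53),   # entry 1 again
    ]
    verdicts = [check_packet(blacklist, *p) for p in packets]
    return verdicts, {e.entry_id: e.drops for e in blacklist}

if __name__ == "__main__":
    print(run_sample())
```

The third sample packet is SSH, which the device otherwise treats as critical traffic, so an entry with both ports set to 0 should be checked against management sources before it is applied.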
Chapter 2: Device Configuration