Protection Against Scans, Spoofs, And Sweeps - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual


Configuring ScreenOS Devices Guide
Table 16: HTTP Components (continued)

| HTTP Components | Description |
| --- | --- |
| ActiveX | Microsoft's ActiveX enables different programs to interact with each other and might contain Java applets, .exe files, or .zip files. Web designers use ActiveX to create dynamic and interactive Web pages that function similarly across different operating systems and platforms. However, attackers might use ActiveX to gain control over a target computer system. When blocking ActiveX components, the security device also blocks Java applets, .exe files, and .zip files whether they are contained within an ActiveX control or not. |
| ZIP files | Files with .zip extensions contain one or more compressed files, some of which might be .exe files or other potentially malicious files. You can configure the security device to block all .zip files from passing through the zone. |
| EXE files | Files with .exe extensions might contain malicious code. You can configure the security device to block all .exe files from passing through the zone. |

MS-Windows Defense
Microsoft Windows contains the WinNuke vulnerability, which can be exploited using a
DoS attack targeting any computer on the Internet running Microsoft Windows. Attackers
can send a TCP segment (usually to NetBIOS port 139) with the urgent (URG) flag set to
a host with an established connection; this packet causes a NetBIOS fragment overlap
that can crash Windows systems.
To protect targets in the security zone from WinNuke attacks, configure the security
device to scan incoming Microsoft NetBIOS session service (port 139) packets for set
URG flags. If such a packet is detected, the security device unsets the URG flag, clears
the URG pointer, forwards the modified packet, and generates a log entry for the event.

Related Documentation
Protection Against Scans, Spoofs, and Sweeps on page 44
IP and TCP/IP Anomaly Detection on page 45
Prevention of Security Zones Using Denial of Service Attacks on page 47

Protection Against Scans, Spoofs, and Sweeps
Attackers often perform address sweeps and/or port scans to gain targeted information
about a network. After they have identified trusted addresses or ports, they might launch
an attack against the network by spoofing a trusted IP address. To protect targets in the
zone from sweeps, scans, and spoofing attempts, configure the detection and blocking
settings as described in Table 17 on page 45.
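
The WinNuke normalization described under MS-Windows Defense above, as an added Python example that is not ScreenOS code: it clears the URG flag and urgent pointer on TCP segments to port 139 and produces a log entry. The function names, log text, sample addresses, and the checksum recomputation (needed so the modified segment stays valid when forwarded) are assumptions of this example, which handles IPv4 only.

```python
import ipaddress
import struct

NETBIOS_SSN = 139   # NetBIOS session service port named on the page
URG = 0x20          # URG bit in the TCP flags byte (header offset 13)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus the segment."""
    pseudo = (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 6, len(segment)))
    return inet_checksum(pseudo + segment)

def winnuke_normalize(src: str, dst: str, segment: bytes):
    """Return (segment_to_forward, log_entry); log_entry is None if untouched."""
    if len(segment) < 20:
        return segment, None                  # not a full TCP header; leave as is
    sport, dport = struct.unpack_from("!HH", segment, 0)
    if dport != NETBIOS_SSN or not segment[13] & URG:
        return segment, None
    seg = bytearray(segment)
    seg[13] &= ~URG & 0xFF                    # unset the URG flag
    seg[16:20] = b"\x00\x00\x00\x00"          # zero checksum field and URG pointer
    struct.pack_into("!H", seg, 16, tcp_checksum(src, dst, bytes(seg)))
    log = f"WinNuke: URG cleared {src}:{sport} -> {dst}:{dport}"  # assumed format
    return bytes(seg), log

def build_sample(src, dst, dport, flags, urg_ptr, payload=b"") -> bytes:
    """Constructed TCP segment (20-byte header, valid checksum) for the demo."""
    hdr = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, flags, 8192, 0, urg_ptr)
    csum = tcp_checksum(src, dst, hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

if __name__ == "__main__":
    # Constructed sample: addresses come from the documentation ranges
    pkt = build_sample("192.0.2.10", "198.51.100.5", 139, 0x38, 3, b"bye")
    out, entry = winnuke_normalize("192.0.2.10", "198.51.100.5", pkt)
    print(entry, out.hex())
```

A segment that verifies correctly yields 0 from `tcp_checksum`, which is a quick way to confirm the rewritten packet is still valid.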
Copyright © 2010, Juniper Networks, Inc.
