Table 33: Deep Inspection IP Actions - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

Network and Security Manager Administration Guide
340
Table 32: Deep Inspection Profile Actions (continued)

Action | Description
drop connection | The security device drops the connection without sending a RST packet to the sender, preventing the traffic from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
close client and server | The security device closes the connection and sends a RST packet to both the client and the server.
close client | The security device closes the connection to the client but not to the server.
close server | The security device closes the connection to the server but not to the client.

NOTE: Network security is an ongoing process of defining normal traffic
for your network. Eliminating malicious traffic is important, but identifying
ambiguous traffic can be equally important. You do not always want to
drop traffic that appears abnormal; you might want to reset the
connection, block the attacker, set an alert for the event, or all three.

Configure Deep Inspection Alerts. Enable this option to create an event log entry for
matching traffic. If the security device matches network traffic to an attack object
in the rule, NSM creates an event log entry that describes that attack (direction,
service, and Attack object) and displays an alert in the Log Viewer.

Configure IP Action. Enable this option to direct the device to take action against a
brute force attack. When enabled, configure the following IP controls action:

Action. Select the action you want the device to take when it detects a brute force
attack. Table 33 on page 340 lists DI IP actions.

Table 33: Deep Inspection IP Actions

Action | Description
IP Block | The security device logs the event and drops all further traffic matching the target definition for the period of time specified in the timeout setting.
IP Close | The security device logs the event and drops all further traffic matching the target definition for the period of time specified in the timeout setting and sends a Reset (RST) for TCP traffic to the source and destination addresses.
IP Notify | The security device logs the event but does not take any action against further traffic matching the target definition for the period of time specified in the timeout setting.

Target. Specifies a set of elements that must match for the security device to
consider a packet part of a brute force attack. The specified set of elements in an
IP packet arriving during a specified timeout period must match that in the packet
that the security device detected as part of a brute force attack for the subsequent packet
Copyright © 2010, Juniper Networks, Inc.
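
The following is an added example, not code from the guide or from Juniper: a small Python model of how the action, target and timeout settings described above combine to decide what happens to packets that arrive after a brute force detection. The target field names (src, dst, dport), the sample packets, and the assumption that the timer starts at detection and is not refreshed are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    ts: float   # arrival time, seconds
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

class IPActionTable:
    """Model of one rule's IP action: action + target + timeout."""
    def __init__(self, action, target, timeout):
        self.action, self.target, self.timeout = action, target, timeout
        self.entries = {}  # target key -> expiry time
        self.log = []      # every IP action logs the detection event

    def _key(self, pkt):
        # The target is the set of packet fields that must all match.
        return tuple(getattr(pkt, f) for f in self.target)

    def on_attack(self, pkt):
        # Assumption: the timer starts at detection and is not refreshed.
        self.entries[self._key(pkt)] = pkt.ts + self.timeout
        self.log.append((self.action, self._key(pkt)))

    def verdict(self, pkt):
        expiry = self.entries.get(self._key(pkt))
        if expiry is None or pkt.ts >= expiry:
            return "forward"    # no target match, or timeout elapsed
        if self.action == "notify":
            return "forward"    # IP Notify: logged only
        if self.action == "close" and pkt.proto == "tcp":
            return "drop+rst"   # IP Close: RST to source and destination
        return "drop"           # IP Block, or IP Close on non-TCP traffic

# Constructed sample traffic (documentation address ranges).
ATTACK = Packet(0, "198.51.100.7", "192.0.2.10", 22, "tcp")
LATER = [
    Packet(10, "198.51.100.7", "192.0.2.10", 22, "tcp"),
    Packet(15, "203.0.113.5", "192.0.2.10", 22, "tcp"),
    Packet(20, "198.51.100.7", "192.0.2.10", 443, "tcp"),
    Packet(30, "198.51.100.7", "192.0.2.10", 53, "udp"),
    Packet(70, "198.51.100.7", "192.0.2.10", 22, "tcp"),
]

def replay(action, target, timeout=60):
    table = IPActionTable(action, target, timeout)
    table.on_attack(ATTACK)
    return [table.verdict(p) for p in LATER]
```

Comparing replay("block", ("src", "dst", "dport")) with replay("close", ("src",)) shows the trade-off: a narrow target leaves the same source free to reach other ports, while a source-only target also cuts off that source's unrelated traffic until the timeout expires.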
