Configuring Header Match Properties - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual


Copyright © 2010, Juniper Networks, Inc.
security device checks the first 256 bytes of both the STC and CTS flows. If you know
that the attack signature will appear in the first 256 bytes of a session, choosing stream
256 instead of stream reduces the amount of traffic that the security device must
monitor and cache, improving performance.
Select stream 8K context to reassemble packets and search for a pattern match within
the first 8192 bytes of a traffic stream. If you know that the attack signature will appear
in the first 8192 bytes of a session, choosing stream 8192 instead of stream reduces
the amount of traffic that the security device must monitor and cache, thereby improving
performance.
Select stream 1K context to reassemble packets and search for a pattern match within
the first 1024 bytes of a traffic stream. If you know that the attack signature will appear
in the first 1024 bytes of a session, choosing stream 1024 instead of stream reduces
the amount of traffic that the security device must monitor and cache, thereby improving
performance.

Configuring Attack Direction

Select the connection direction of the attack. Using a single direction (instead of Any)
improves performance, reduces false positives, and increases detection accuracy:

Client to Server—Detects the attack only in client-to-server traffic
Server to Client—Detects the attack only in server-to-client traffic
Any—Detects the attack in either direction
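
An added illustration, not code from the Juniper guide or from NSM: a Python model of the stream contexts and attack direction described above, for checking against a sample session which narrowest context still sees a pattern before you tighten an attack object. The segment tuples, marker strings and function names are constructed for this example, and Python's `re` stands in for the device's pattern engine.

```python
import re

# Byte limit per context as described in the guide; None means the whole stream.
CONTEXT_LIMIT = {"stream 256": 256, "stream 1K": 1024, "stream 8K": 8192, "stream": None}
# Flows inspected per attack direction (CTS = client to server, STC = server to client).
DIRECTION_FLOWS = {"Client to Server": ("CTS",), "Server to Client": ("STC",),
                   "Any": ("CTS", "STC")}

# Constructed session: (flow, segment order, payload). Segments arrive out of order
# and the first marker is split across two segments.
SESSION = [
    ("CTS", 1, b"ER-EARLY\r\n"),
    ("CTS", 0, b"HELLO MARK"),
    ("STC", 0, b"OK MARKER-LATE\r\n"),
    ("CTS", 3, b"MARKER-LATE\r\n"),
    ("CTS", 2, b"." * 300),
]

def reassemble(segments, flow):
    """Join one flow's payloads in segment order (simplified: no overlaps or gaps)."""
    ordered = sorted((s for s in segments if s[0] == flow), key=lambda s: s[1])
    return b"".join(payload for _, _, payload in ordered)

def match(segments, pattern, context, direction):
    """Return [(flow, offset)] for every inspected flow whose window contains pattern."""
    limit = CONTEXT_LIMIT[context]
    hits = []
    for flow in DIRECTION_FLOWS[direction]:
        window = reassemble(segments, flow)[:limit]  # only these bytes are searched
        found = re.search(pattern, window)
        if found:
            hits.append((flow, found.start()))
    return hits

def narrowest_context(segments, pattern, direction):
    """Smallest context that still detects pattern in this sample, else None."""
    for context in CONTEXT_LIMIT:  # dict order: narrowest first
        if match(segments, pattern, context, direction):
            return context
    return None

if __name__ == "__main__":
    for direction in DIRECTION_FLOWS:
        for marker in (rb"MARKER-EARLY", rb"MARKER-LATE"):
            print(direction, marker, narrowest_context(SESSION, marker, direction))
```

With direction Any, stream 256 still fires on the server's echo of the late marker, which is the kind of match that selecting a single direction avoids.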

Configuring Attack Flows

Select the connection flow of the attack. Using a single flow (instead of Both) improves
performance and increases detection accuracy.

Control (detects the attack in the initial connection that is established persistently to issue commands, requests, and so on)
Auxiliary (detects the attack in the response connection established intermittently to transfer requested data)
Both (detects the attack in the initial and response connections)

After you finish entering the attack detection properties for the attack type, click Next to
configure the attack IP settings and protocol headers.

Configuring Header Match Properties

Specify the values and options that exist within the header of the attack packet.

NOTE: You can configure header values only for attack objects that use a
packet, first data packet, or first packet context. If you selected a stream,
stream 256, stream 1K, stream 8K, or a service context (in the Detection area),
you cannot specify header contents.
Chapter 8: Configuring Objects