Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual page 524


Network and Security Manager Administration Guide, page 474
Table 43: IDP Rule Actions (continued)

Action / Description

Ignore
    IDP completely ignores the session if the rule does not specify an attack. If an attack is specified in the rule, IDP inspects the session and generates a log for the first attack detected. Subsequently, IDP ignores the rest of that session and neither inspects the session for attacks nor generates attack logs. Use with caution.

Drop Packet
    IDP drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source IP address.
    Depending on the protocol in use and its mode, IDP behaves differently when you define this rule:
    - UDP, inline mode: IDP drops the packet. In inline tap mode, IDP dismisses the action.
    - TCP, inline mode: IDP drops the connection. In inline tap mode the connection is dropped, but the attack packet might still have gotten through.

Drop Connection
    IDP drops the connection without sending a RST packet to the sender, preventing the traffic from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
    Depending on the protocol in use and its mode, IDP behaves differently when you define this rule:
    - UDP, inline mode: IDP drops the session. In inline tap mode the session is dropped, but the attack packet would have been let through.
    - TCP, inline mode: IDP drops the connection. In inline tap mode IDP drops the connection, but the attack packet might have gotten through.

Close Client
    IDP closes the connection to the client, but not to the server.

Close Server
    IDP closes the connection to the server, but not to the client.

Close Client and Server
    IDP closes the connection and sends a RST packet to both the client and the server. If IDP is operating in inline tap mode, IDP sends a RST packet to both the client and server but does NOT close the connection.

Diffserv Marking
    IDP assigns the indicated service differentiation value to the packet, then passes it on normally. The value is set in the dialog that appears when you select this action in the rulebase.
Copyright © 2010, Juniper Networks, Inc.