Table of Contents
Advertisement
Network and Security Manager Administration Guide
680
Table 60: Attack Counters (continued)
Item
Description
IP Loose Src
The security device blocks packets where the IP option is 3 (Loose Source
Routing). This option provides a means for the source of a packet to supply
routing information to be used by the gateways in forwarding the packet to
the destination. This option is a loose source route because the gateway or
host IP is allowed to use any route of any number of other intermediate
gateways to reach the next address in the route.
IP Strict Src
The security device blocks packets where the IP option is 9 (Strict Source
Routing). This option provides a means for the source of a packet to supply
routing information to be used by the gateways in forwarding the packet to
the destination. This option is a strict source route because the gateway or
host IP must send the datagram directly to the next address in the source
route, and only through the directly connected network indicated in the next
address to reach the next gateway or host specified in the route.
IP Stream
The security device blocks packets where the IP option is 8 (Stream ID). This
option provides a way for the 16-bit SATNET stream identifier to be carried
through networks that do not support the stream concept.
ICMP Frag
When the protocol field indicates ICMP packets, and the fragment flag is set
to 1 or an offset is indicated.
Large ICMP
An ICMP packet with a length greater than 1024.
SYN n FIN
Both the SYN and FIN flags are not normally set in the same packet. However,
an attacker can send a packet with both flags set to see what kind of system
reply is returned and thereby determine what kind of system is on the
receiving end. The attacker can then use any known system vulnerabilities
for further attacks. Enable this option to have the security device drop packets
that have both the SYN and FIN bits set in the flags field.
FIN no ACK
TCP packet with a FIN set but no ACK set in the flags field.
Mal URL
When you enable Malicious URL Detection, the security device monitors
each HTTP packet and detects any URL that matches any of several
user-defined patterns. The security device automatically drops any such
packet.
Limit Session
Security devices can limit the number of sessions that can be established
by a single IP address. For example, session resources on a Web server can
be exhausted if there are many requests from the same client. This option
defines the maximum number of sessions the security device can establish
per second for a single IP address. (The default threshold is 128 sessions per
second per IP address.)
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
Related Manuals for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
Related Products for Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMININISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - API GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING J SERIES SERVICES ROUTERS AND SRX SERIES SERVICES GATEWAYS GUIDE REV
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - M-SERIES AND MX-SERIES DEVICES GUIDE REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper NETWORK AND SECURITY MANAGER 2010.2
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008