What Is A Dos Service Exploit; How Do I Investigate A Dos Offense - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CATEGORY OFFENSE INVESTIGATION GUIDE REV 1 Manual

Category offense investigation guide

28 Denial of Service (DoS) Offenses

What is a DoS Service Exploit?
The intention of a DoS service exploit is to cause a disruption in service for a host
or service. A DoS exploit attempts to disrupt a service by sending an exploit, which
may be a single packet, to a port where a vulnerable service is listening. Such an
exploit may cause memory corruption that results in the failure of the service or
causes the operating system to cease functioning. These events are created by
STRM sentries using Network Behavioral Anomaly Detection (NBAD). DoS events
are also created by intrusion detection and prevention sensors.

STRM correlates DoS events with other relevant data, such as the presence or
absence of the target host and vulnerabilities on the target port, when vulnerability
assessment data is available. DoS exploits are ineffective when the target host
vulnerability has been patched or when the exploit packets are blocked by firewalls
or in-line devices, such as proxy servers or IPSs.
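
The correlation described above, sketched as an added example (this is not STRM's own logic or code): constructed DoS events are checked against a constructed asset list and constructed vulnerability assessment results. The class, function and field names and the relevance scores are assumptions chosen for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class DosEvent:
    target_ip: str
    target_port: int
    blocked_inline: bool  # True if a firewall, proxy or IPS dropped the packet

# Constructed inventory: hosts known to exist, and VA results per (host, port).
ASSETS = {"10.0.0.5", "10.0.0.9", "10.0.0.12"}
VA_FINDINGS = {("10.0.0.5", 80): "vulnerable", ("10.0.0.9", 80): "patched"}

# Constructed DoS events as they might arrive from NBAD or IDS/IPS sensors.
EVENTS = [
    DosEvent("10.0.0.5", 80, False),
    DosEvent("10.0.0.5", 80, False),
    DosEvent("10.0.0.9", 80, False),
    DosEvent("10.0.0.12", 53, False),
    DosEvent("10.0.0.5", 80, True),
    DosEvent("10.0.0.77", 80, False),
]

def relevance(event, assets=ASSETS, findings=VA_FINDINGS):
    """Return (score, reason); a higher score means investigate sooner."""
    if event.target_ip not in assets:
        return 0, "target host absent"
    if event.blocked_inline:
        return 0, "blocked by in-line device"
    finding = findings.get((event.target_ip, event.target_port))
    if finding == "patched":
        return 1, "target port patched"
    if finding == "vulnerable":
        return 3, "target port vulnerable"
    return 2, "no vulnerability assessment data"

def triage(events):
    """Group events per target and order the groups by highest relevance."""
    best, counts = {}, Counter()
    for ev in events:
        key = (ev.target_ip, ev.target_port)
        counts[key] += 1
        best[key] = max(best.get(key, (0, "")), relevance(ev))
    rows = [(k[0], k[1], s, r, counts[k]) for k, (s, r) in best.items()]
    return sorted(rows, key=lambda row: (-row[2], row[0], row[1]))

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```
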

How do I Investigate a DoS Offense?

To investigate a DoS offense:

Step 1  Click the Offense Manager tab.
        The Offense Manager window appears.

Step 2  Click By Category from the navigation menu.
        The By Category view appears displaying high-level categories. The counts for
        each category are accumulated from the values in the low-level categories.

        Hint: Only low-level categories with associated offenses appear with an arrow.
        You can click the arrow to view the associated low-level categories. If you wish to
        view all categories, click Show Inactive Categories.

Step 3  To view additional low-level category information for the DoS category, click the
        arrow icon next to DOS.