Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 110

STRM Administration Guide

102 Using the Deployment Editor
Table 5-9 Flow Processor Parameters (continued)

Parameter: Type C Superflows
Description:
Specify the threshold for type C superflows, which is one host sending
data to another host. A type C superflow is a unidirectional flow that is
an aggregate of all non-ICMP flows that have the same protocol, source
host, destination host, source bytes, destination bytes, source packets,
and destination packets but different source or destination ports.

Parameter: IP Address(es) Range Conversion
Description:
Specify an IP address or CIDR range to convert to another IP address or
CIDR range from the Flow Processor. This allows STRM to identify data
sources on networks with similar IP addresses when a single Flow
Processor is used to process many data sources.
Enter the information in the following format:
    <IP address>:<convert>
Where:
    <IP address> specifies the IP address or CIDR range to be converted.
    <convert> specifies the desired conversion range.
This option is also available in the Flow Collector.

Parameter: Maximum Content for Destination STRM Components
Description:
A content filter controls where content is denied or allowed. Apply
filters in the following format:
    <CIDR>:<bytes of content>
Where:
    <CIDR> specifies a CIDR range.
    <bytes of content> specifies how much content is allowed. For
    example, 64 bytes of content or 128 bytes of content.
The filter is case sensitive. You must use either all uppercase or
lowercase characters.
For example:
If CIDR=10.100.100.0/24 and you wish to allow 64 bytes of content, enter:
    10.100.100.0/24:64
If CIDR=10.100.100.0/24 and you wish to deny the content, enter:
    10.100.100.0/24:0
If CIDR=10.100.100.0/24 and you wish to allow content only to this CIDR,
enter:
    default:0, 10.100.100.0/24:64
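A pre-deployment check for the content filter string described above, as an added example that is not part of the manual or of STRM itself. The function names are hypothetical. It assumes that entries are comma-separated as in the manual's last example, that the case rule applies to the `default` keyword, and that the most specific range wins when ranges overlap (the manual does not describe overlap handling).

```python
import ipaddress


def parse_content_filter(spec):
    """Parse comma-separated '<CIDR>:<bytes of content>' entries.

    Returns (default_bytes, rules). default_bytes is None when the string
    has no 'default' entry; rules is a list of (network, byte_count).
    """
    default_bytes = None
    rules = []
    for raw in spec.split(","):
        entry = raw.strip()
        # rpartition splits on the last colon, so the byte count is always last.
        target, sep, count = entry.rpartition(":")
        if not sep or not target:
            raise ValueError(f"expected <CIDR>:<bytes of content>, got {entry!r}")
        if not (count.isascii() and count.isdigit()):
            raise ValueError(f"byte count must be a non-negative integer: {entry!r}")
        if target.lower() == "default":
            # Assumption: the manual's case rule means all-lower or all-upper.
            if target not in ("default", "DEFAULT"):
                raise ValueError(f"mixed-case keyword: {target!r}")
            default_bytes = int(count)
            continue
        # strict=True rejects ranges with host bits set, e.g. 10.100.100.5/24,
        # which usually signals a typo in the range.
        rules.append((ipaddress.ip_network(target, strict=True), int(count)))
    return default_bytes, rules


def allowed_bytes(spec, destination):
    """Bytes of content the filter allows for one destination address.

    Assumption: with overlapping ranges the longest prefix wins.
    Returns None when nothing matches and no default entry is present.
    """
    default_bytes, rules = parse_content_filter(spec)
    addr = ipaddress.ip_address(destination)
    matches = [(net.prefixlen, n) for net, n in rules if addr in net]
    if matches:
        return max(matches)[1]
    return default_bytes
```

A `None` result marks a destination the filter string does not cover; the manual does not say what STRM does in that case.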
