Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 256
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
248
E
T
NTERPRISE
EMPLATE
D
EFAULTS
Table B-3 Custom Views - Threats View (continued)
Group
Objects
Suspicious_IP_
This group includes:
Protocol_Usage
•
•
•
•
•
•
• Unidirectional_UDP_And_Misc_Flows - Detects unidirectional
•
•
STRM Administration Guide
Illegal_TCP_Flag_Combination - Detects flows with illegal TCP flag
combinations. This may indicate malicious activity, such as port
scanning or operating system detection.
Suspicious_ICMP_Type_Code - Detects flows entering or leaving
your network from the Internet, using ICMP types or codes generally
accepted to be suspicious or malicious. For more information, see
http://techrepublic.com.com /5100-1035_11-5087087.html
TCP_UDP_Port_0 - Detects flows with a source or destination port of
0. This is illegal according to Internet RFCs and should be considered
malicious.
Unidirectional_TCP_Flows - Detects unidirectional TCP flows. This
may indicate application failures to connect to a service, but an
indicate other issues if the quantity or rate of these flows is high.
Unidirectional_ICMP_Reply - Detects unidirectional ICMP replies or
unreachable flows. This may be expected network behavior,
however, an excessive quantity may indicate that a host is scanning
the network attempting to enumerate hosts.
Unidirectional_ICMP_Flows - Detects unidirectional ICMP flows.
This may be expected network behavior, however, an excessive
quantity of these flows from a single source may indicate a host
scanning the network attempting to enumerate hosts.
UDP (or other flows not including TCP or ICMP) flows. This may be
expected network behavior, however, an excessive quantity should
be considered suspicious.
Zero_Payload_Bidirectional_Flows - Detects flows that contain
small amounts (if any) payload. This may be the result of scans
where the target responds with reset packets.
Long_Duration_Flow - Detects a flow communicating to or from the
Internet with a sustained duration of more than 48 hours. This is not
typical behavior for most applications. We recommend that you
investigate the host for potential malware infections.
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series