Attacker Target Analysis Group - Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual

STRM Administration Guide

Table B-3 Custom Views - Threats View (continued)

Group: Remote_Access_Violation
Objects: This group includes:
• Hidden_Telnet_SSH - Detects flows where the application type is Telnet or SSH but the destination server port is not one of the common ports for this application. This may indicate that a system has been altered to provide a backdoor for unauthorized access.
• Hidden_FTP - Detects flows to a local host where the application type is FTP but the destination server port is not one of the common ports of this application. This may indicate that the server is hosting illegal data, such as pirated applications or other media.
• Remote_Desktop_Access_From_Internet - Detects Remote Desktop Protocol (RDP) access to the local network from the Internet. If you wish to allow this activity on your network, delete this view. Otherwise, you should consider this activity suspicious, and we recommend investigating the accessed server.
• VNC_Activity_From_Internet - Detects Virtual Network Computing (VNC) access to the local network from the Internet. If you wish to allow this activity on your network, delete this view. Otherwise, you should consider this activity suspicious, and we recommend investigating the accessed server.

Attacker Target Analysis Group

Pre-configured groups that specify traffic flows from attackers, responses, and events including:

Table B-4 Custom Views - AttackerTargetAnalysis

Group: AttackResponseAnalysis
Objects: This group includes:
• Target_Did_Not_Respond - The network flow that appears to have carried the attack event that triggered this analysis indicates that the target host did not respond to the attack.
• Target_Responded - The network flow analysis indicates that a target responded to the event from the attacker, which increases the likelihood that the attacker was successful.
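
The matching logic of the four Remote_Access_Violation views described above can be sketched over flow records as follows. This is an added example, not code from STRM or from this manual; the flow-record field names, the local network range and the "common port" sets are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumptions (not from the STRM manual): the flow-record field names, the
# local network range, and the "common port" sets used below.
LOCAL_NET = ipaddress.ip_network("10.0.0.0/8")
COMMON_PORTS = {"SSH": {22}, "Telnet": {23}, "FTP": {21}}

def is_local(ip):
    return ipaddress.ip_address(ip) in LOCAL_NET

def remote_access_violations(flow):
    """Return the names of the Remote_Access_Violation views a flow matches."""
    app, port = flow["app"], flow["dst_port"]
    src_local, dst_local = is_local(flow["src"]), is_local(flow["dst"])
    hits = []
    # Application type is Telnet or SSH, but the server port is not a usual one.
    if app in ("SSH", "Telnet") and port not in COMMON_PORTS[app]:
        hits.append("Hidden_Telnet_SSH")
    # Hidden_FTP only applies to flows whose destination is a local host.
    if app == "FTP" and dst_local and port not in COMMON_PORTS["FTP"]:
        hits.append("Hidden_FTP")
    # Access from the Internet: remote source, local destination.
    if not src_local and dst_local:
        if app == "RDP":
            hits.append("Remote_Desktop_Access_From_Internet")
        elif app == "VNC":
            hits.append("VNC_Activity_From_Internet")
    return hits

# Constructed sample flows; remote hosts use documentation address ranges.
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "10.2.0.9", "dst_port": 22, "app": "SSH"},
    {"src": "203.0.113.7", "dst": "10.2.0.9", "dst_port": 8443, "app": "SSH"},
    {"src": "198.51.100.4", "dst": "10.3.3.3", "dst_port": 2121, "app": "FTP"},
    {"src": "10.1.1.5", "dst": "198.51.100.4", "dst_port": 2121, "app": "FTP"},
    {"src": "203.0.113.7", "dst": "10.4.0.20", "dst_port": 3389, "app": "RDP"},
    {"src": "10.1.1.5", "dst": "10.4.0.20", "dst_port": 3389, "app": "RDP"},
    {"src": "203.0.113.7", "dst": "10.4.0.21", "dst_port": 5900, "app": "VNC"},
]

def classify_all(flows):
    return [remote_access_violations(f) for f in flows]

if __name__ == "__main__":
    for flow, hits in zip(SAMPLE_FLOWS, classify_all(SAMPLE_FLOWS)):
        print(flow["src"], "->", f'{flow["dst"]}:{flow["dst_port"]}',
              flow["app"], hits or "-")
```

The outbound FTP flow and the internal RDP flow match nothing: Hidden_FTP is limited to local destinations, and the RDP and VNC views only cover access that originates outside the local network.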
STRM Administration Guide
Default Custom Views
249
