Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 294

STRM Administration Guide

University Template Defaults
Table C-1 Default Sentries (continued)

| Sentry | Description |
|---|---|
| Recon - External - Scanning Activity (Low) | Detects a host performing reconnaissance activity at a rate of 500 hosts per minute. This may indicate a host configured for network management or normal server behavior on a busy internal network. However, typically client hosts in your network should not be exhibiting this behavior for long periods of time. If this behavior continues for long periods of time, this may indicate classic behavior of worm activity. We recommend that you check the host for infection or malware installation. |
| Recon - External - Scanning Activity (Medium) | Detects a host performing reconnaissance activity at a high rate (5000 hosts per minute), which is typical of a worm infection or a scanning application. This activity may also indicate network management hosts or even busy servers on internal networks. |
| Recon - Internal - ICMP Scan (High) | Detects a host scanning more than 100,000 hosts per minute using ICMP. This indicates a host performing reconnaissance activity at an extremely high rate. This is typical of a worm infection or a standard scanning application. |
| Recon - Internal - ICMP Scan (Low) | Detects a host scanning more than 500 hosts per minute using ICMP. This may indicate a host configured for network management or normal server behavior on a busy internal network. However, typically client hosts in your network should not be exhibiting this behavior for long periods of time. If this behavior continues for long periods of time, this may indicate classic behavior of worm activity. We recommend that you check the host for infection or malware installation. |
| Recon - Internal - ICMP Scan (Medium) | Detects a host scanning more than 5000 hosts per minute using ICMP. This indicates a host performing reconnaissance activity at a high rate. This is typical of a worm infection or a host configured for network management purposes. |
| Recon - Internal - Potential Network Scan | Detects a host sending identical packets to a number of hosts that have not responded. This may indicate a host configured for network management or normal server behavior on a busy internal network. However, client hosts in your network should not be exhibiting this behavior for long periods of time. |
| Recon - Internal - Scanning Activity (High) | Detects a host performing reconnaissance activity at an extremely high rate (100,000 hosts per minute), which is typical of a worm infection or a scanning application. |
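
The rate thresholds in Table C-1 can be read as a count of distinct hosts contacted by one source per minute. The following is an added example, not taken from the STRM manual and not a description of how STRM itself is implemented, that applies those thresholds to flow tuples and also counts how many minutes a source stayed above the Low threshold. The tuple layout, function names and sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds (distinct hosts contacted per minute) taken from Table C-1.
# Treating each as "more than N" is an assumption for the non-ICMP sentries.
THRESHOLDS = [(100_000, "High"), (5_000, "Medium"), (500, "Low")]


def severity(distinct_hosts):
    """Map a per-minute distinct-destination count to a sentry severity."""
    for limit, name in THRESHOLDS:
        if distinct_hosts > limit:
            return name
    return None


def scan_report(flows, proto=None, window=60):
    """flows: iterable of (epoch_seconds, src, dst, proto) tuples.

    Returns {src: {"peak": severity, "minutes": n}} where n is the number of
    one-minute windows in which src exceeded the Low threshold, so sustained
    scanning can be told apart from a single burst.
    """
    seen = defaultdict(set)  # (src, window index) -> distinct destinations
    for ts, src, dst, p in flows:
        if proto is None or p == proto:
            seen[(src, ts // window)].add(dst)

    order = {"Low": 1, "Medium": 2, "High": 3}
    report = {}
    for (src, _), dsts in seen.items():
        sev = severity(len(dsts))
        if sev is None:
            continue
        entry = report.setdefault(src, {"peak": sev, "minutes": 0})
        entry["minutes"] += 1
        if order[sev] > order[entry["peak"]]:
            entry["peak"] = sev
    return report


def synthetic_flows(src, n_hosts, minute, proto="icmp"):
    """Constructed sample data: src contacts n_hosts distinct hosts in one minute."""
    return [(minute * 60 + i % 60, src, f"dst-{i}", proto) for i in range(n_hosts)]


if __name__ == "__main__":
    flows = (synthetic_flows("10.0.0.5", 600, 0) + synthetic_flows("10.0.0.5", 700, 1)
             + synthetic_flows("10.0.0.9", 6000, 0) + synthetic_flows("10.0.0.7", 40, 0))
    print(scan_report(flows, proto="icmp"))
```

A source that appears with a Low peak over many minutes matches the sustained behavior the Low sentry descriptions say to investigate, while known network management hosts can be excluded before the report is reviewed.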
