Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 350
Strm administration guide
Hide thumbs
Also See for SECURITY THREAT RESPONSE MANAGER 2008.2:
- Manual (228 pages) ,
- Getting started (14 pages) ,
- Release note (11 pages)
Table of Contents
Advertisement
342
ISP T
D
EMPLATE
EFAULTS
Table D-9 Default Rules (continued)
Rule
Default-Rule-Recon:
Local DNS Scanner
Default-Rule-Recon:
Local FTP Scanner
Default-Rule-Recon:
Local Game Server
Scanner
Default-Rule-Recon:
Local ICMP Scanner
Default-Rule-Recon:
Local IM Server
Scanner
Default-Rule-Recon:
Local IRC Server
Scanner
Default-Rule-Recon:
Local Mail Server
Scanner
Default-Rule-Recon:
Local P2P Server
Scanner
Default-Rule-Recon:
Local Proxy Server
Scanner
Default-Rule-Recon:
Local RPC Server
Scanner
STRM Administration Guide
Rule
Type
Enabled Description
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common DNS ports to
more than 60 hosts in 10 minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common FTP ports to
more than 30 hosts in 10 minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common game server
ports to more than 30 hosts in 10
minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common ICMP ports to
more than 60 hosts in 10 minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common IM server ports
to more than 60 hosts in 10 minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common IRC server
ports to more than 10 hosts in 10
minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common mail server
ports to more than 60 hosts in 10
minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common Peer-to-Peer
(P2P) server ports to more than 60
hosts in 10 minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common proxy server
ports to more than 60 hosts in 10
minutes.
Event
True
Reports a source IP address attempting
reconnaissance or suspicious
connections on common RPC server
ports to more than 60 hosts in 10
minutes.
Advertisement
Table of Contents
Related Manuals for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
Related Products for Juniper SECURITY THREAT RESPONSE MANAGER 2008.2
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - AQL EVENT AND FLOW QUERY CLI GUIDE
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - EVENT CATEGORY CORRELATION REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - SNMP AGENT GUIDE REV 1
- Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT ADMINISTRATION GUIDE REV 1
- Juniper STRM LOG MANAGEMENT 2008.2 - S 6-2008
- Juniper MEDIA FLOW CONTROLLER 2.0.4 -
- Juniper MEDIA FLOW MANAGER 2.0.2 - ADMINISTRATOR S GUIDE AND CLI
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - CONFIGURING INTRUSION DETECTION AND PREVENTION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - M-SERIES AND MX-SERIES DEVICES GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - NSMXPRESS SERIES II REV 1
- Juniper NETWORK AND SECURITY MANAGER 2010.4 - REV1
- Juniper MEDIA FLOW CONTROLLER 2.0.5
- Juniper NETWORK AND SECURITY MANAGER 2010.3
- Juniper 200 Series