Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 Administration Manual page 351

STRM Administration Guide

Table D-9 Default Rules (continued)

| Rule | Rule Type | Enabled | Description |
|---|---|---|---|
| Default-Rule-Recon: Local Scanner Detected | Event | True | Reports a scan from a local host against other hosts or remote targets. At least 60 hosts were scanned within 20 minutes. This activity was using a protocol other than TCP, UDP, or ICMP. |
| Default-Rule-Recon: Local SNMP Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common SNMP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local SSH Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common SSH ports to more than 30 hosts in 10 minutes. |
| Default-Rule-Recon: Local Suspicious Probe Events Detected | Event | False | Reports when various suspicious or reconnaissance events have been detected from the same local source IP address to more than 5 destination IP addresses in 4 minutes. This can indicate various forms of host probing, such as Nmap reconnaissance, which attempts to identify the services and operating systems of the target. |
| Default-Rule-Recon: Local TCP Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common TCP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local UDP Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common UDP ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local Web Server Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common local web server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Local Windows Server Scanner | Event | True | Reports a source IP address attempting reconnaissance or suspicious connections on common Windows server ports to more than 60 hosts in 10 minutes. |
| Default-Rule-Recon: Recon Followed by Accept | Event | True | Adds an additional event into the event stream when a host that has been performing reconnaissance also has a firewall accept following the reconnaissance activity. |
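
The scanner rules in Table D-9 share one pattern: a single source reaching more than N distinct hosts on a set of ports within a time window. The sketch below is an added example, not STRM's rule engine or code from the manual; it applies the SSH and SNMP thresholds from the table to constructed events, and the port sets (22; 161 and 162), the event tuple layout and all function names are assumptions.

```python
from collections import defaultdict, deque

# Thresholds are taken from Table D-9 ("more than 30" -> 31, "more than 60" -> 61).
# The port sets are assumptions: the table only says "common ... ports".
RULES = {
    "Local SSH Scanner": {"ports": {22}, "min_hosts": 31, "window_s": 600},
    "Local SNMP Scanner": {"ports": {161, 162}, "min_hosts": 61, "window_s": 600},
}


def detect_scanners(events, rules=RULES):
    """events: time-ordered (epoch_seconds, src_ip, dst_ip, dst_port) tuples.
    Returns [(rule_name, src_ip, fire_time)], at most one alert per source per rule."""
    recent = defaultdict(deque)  # (rule, src) -> (ts, dst) pairs still inside the window
    fired = set()
    alerts = []
    for ts, src, dst, port in events:
        for name, rule in rules.items():
            if port not in rule["ports"] or (name, src) in fired:
                continue
            window = recent[(name, src)]
            window.append((ts, dst))
            # Drop events that have aged out of the sliding window.
            while window and ts - window[0][0] > rule["window_s"]:
                window.popleft()
            # Count distinct destinations, not connections: many connections
            # to one server are not a scan.
            if len({d for _, d in window}) >= rule["min_hosts"]:
                fired.add((name, src))
                alerts.append((name, src, ts))
    return alerts


def sample_events():
    """Constructed sample data, not real logs."""
    events = []
    # 10.0.0.5: 40 distinct hosts on port 22, one every 5 seconds (a scan).
    events += [(1000 + 5 * i, "10.0.0.5", f"10.0.1.{i}", 22) for i in range(40)]
    # 10.0.0.9: 40 distinct hosts, but one per minute (at most 11 per window).
    events += [(1000 + 60 * i, "10.0.0.9", f"10.0.2.{i}", 22) for i in range(40)]
    # 10.0.0.7: 200 connections to a single SSH server (1 distinct host).
    events += [(1000 + i, "10.0.0.7", "10.0.3.1", 22) for i in range(200)]
    return sorted(events)


if __name__ == "__main__":
    for alert in detect_scanners(sample_events()):
        print(alert)
```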