

Configure Intrusion Detection Services

The Adaptive Services PIC (AS PIC) supports a limited set of intrusion detection services (IDS) to perform attack detection. You can use IDS to perform the following tasks:

The IDS configuration allows you to focus the attack detection and remedial actions on specific hosts or networks that you specify in the IDS terms. Signature detection is not supported.

To configure intrusion detection services, you include statements at the [edit services] hierarchy level of the configuration:

[edit services]
ids {
    rule rule-name {
        match-direction (input | output | input-output);
        term term-name {
            from {
                applications [ application-names ];
                application-sets [ set-names ];
                destination-address address;
                source-address address;
            }
            then {
                aggregation {
                    destination-prefix prefix-value;
                    source-prefix prefix-value;
                }
                (force-entry | ignore-entry);
                logging {
                    syslog;
                    threshold rate;
                }
                syn-cookie {
                    mss value;
                    threshold rate;
                }
            }
        }
    }
    rule-set rule-set-name {
        [ rule rule-names ];
    }
}


JUNOS software uses stateful firewall settings as a basis for performing IDS. You must commit a stateful firewall configuration in the same service set for IDS to function properly.
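A complete configuration that pairs an IDS rule with the stateful firewall rule it depends on, added here as an example rather than taken from this page: the rule and service-set names, the 192.0.2.0/24 server prefix and the sp-1/0/0 service interface are constructed, and junos-http/junos-https are assumed to be the predefined JUNOS application names.

```junos
[edit services]
stateful-firewall {
    rule allow-web {
        match-direction input;
        term permit-web {
            from {
                destination-address 192.0.2.0/24;
                applications [ junos-http junos-https ];
            }
            then {
                accept;
            }
        }
    }
}
ids {
    rule web-syn-flood {
        match-direction input;
        term flood-to-web {
            from {
                destination-address 192.0.2.0/24;
                applications [ junos-http junos-https ];
            }
            then {
                /* count events per source /24 rather than per host */
                aggregation {
                    source-prefix 24;
                }
                force-entry;
                logging {
                    syslog;
                    threshold 100;
                }
                /* answer with SYN cookies once SYNs exceed 500 per second */
                syn-cookie {
                    mss 1460;
                    threshold 500;
                }
            }
        }
    }
}
/* the IDS rule only works with a stateful firewall rule in the same service set */
service-set web-protect {
    stateful-firewall-rules allow-web;
    ids-rules web-syn-flood;
    interface-service {
        service-interface sp-1/0/0;
    }
}
```

With force-entry the flow is always recorded in the IDS table, so the logging and syn-cookie thresholds act on every matching source rather than only on entries the PIC chose to track.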

This chapter describes the following tasks for configuring intrusion detection services:

