show security idp attack detail

Syntax

show security idp attack detail attack-name

Release Information

Command introduced in Junos OS Release 11.4.

Description

Display details of a specified IDP attack.

Options

  • attack-name: IDP attack name.

Required Privilege Level

view

Related Documentation

  • clear security idp attack table

List of Sample Output

show security idp attack detail FTP:USER:ROOT
show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT

Output Fields

Table 13 lists the output fields for the show security idp attack detail command. Output fields are listed in the approximate order in which they appear.

Table 13: show security idp attack detail Output Fields

| Field Name | Field Description |
|---|---|
| Display Name | Display name of the IDP attack. |
| Severity | Severity level of the IDP attack. |
| Category | IDP attack category. |
| Recommended | Specifies whether a default action for the IDP attack is recommended by Juniper Networks (true or false). |
| Recommended Action | Recommended action for the IDP attack. |
| Type | Type of IDP attack. |
| Direction | Direction of the IDP attack. |
| False Positives | Specifies whether the IDP attack produces a false positive on the network. |
| Service | IDP service configured for the IDP attack. If a service is configured for the IDP attack, the IDP service name is displayed. Otherwise, Not available is displayed. |
| Member Name | Name of the attack member in the IDP attack. |
| Expression | Specifies the Boolean expression of attack members. Used to identify the way (for example, OR, AND, or oAND) attack members should be matched. |
| PCRE Expression | Specifies the Boolean expression of PCRE format-based attack members. Used to identify the way (for example, OR, AND, or oAND) attack members should be matched. If this field is not present, “Expression” is used as a Boolean expression for attack matching. |
| Shellcode | Signifies if the IDP attack is a shellcode attack. |
| Flow | Signifies the channel (control, data) of the IDP attack. |
| Context | Name of the context under which the IDP attack has to be matched. |
| Negate | Signifies if the signature in the IDP attack is a negate signature. |
| TimeBinding | Specifies count and scope under which the attack is valid. |
| Pattern | Specifies the regular expression in the IDP attack. |
| PCRE Pattern | Specifies the regular expression in PCRE format in the IDP attack. |
| Hidden Pattern | Specifies if the attack pattern is hidden. |

Sample Output

show security idp attack detail FTP:USER:ROOT

user@host> show security idp attack detail FTP:USER:ROOT
Display Name: FTP: "root" Account Login
Severity: Minor
Category: FTP
Recommended: false
Recommended Action: None
Type: signature
Direction: CTS
False Positives: unknown
Shellcode: no
Flow: control
Context: ftp-username
Negate: false
TimeBinding:
        Scope: none
        Count: 1
Hidden Pattern: False
Pattern: \[root\]

show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT

user@host> show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT
Display Name: TROJAN: Digital Rootbeer Client Connect
Severity: Minor
Category: TROJAN
Recommended: false
Recommended Action: None
Type: chain
False Positives: unknown
Service: TCP/2600
Expression: m01 oAND m02
Order: no
Reset: no
Scope: session
TimeBinding:
Members:
        Member Name: m01
        Type: Signature
        Direction: CTS
        Flow: control
        Shellcode: no
        Context: stream256
        Negate: false
        Hidden Pattern: False
        Pattern: .*/QUE,who are you\.\.\.\?.*
        PCRE Pattern: ^(.)*\/QUE,who are you\.\.\.\?

        Member Name: m02
        Type: Signature
        Direction: STC
        Flow: control
        Shellcode: no
        Context: stream256
        Negate: false
        Hidden Pattern: False
        Pattern: .*/QUE,billy the kid.*
        PCRE Pattern: ^(.)*\/QUE,billy the kid
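
Added example (not part of the Juniper documentation): a Python parser that turns the command's text output into a dictionary, so fields such as Expression and each member's direction and pattern can be reviewed across many signatures. The function names and the abridged SAMPLE text are assumptions made for this example.

```python
# Added example: parse "show security idp attack detail" text into a dict.
# SAMPLE is abridged from the chain-attack sample output on this page.
SAMPLE = r"""user@host> show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT
Display Name: TROJAN: Digital Rootbeer Client Connect
Type: chain
Service: TCP/2600
Expression: m01 oAND m02
TimeBinding:
Members:
        Member Name: m01
        Direction: CTS
        Context: stream256
        PCRE Pattern: ^(.)*\/QUE,who are you\.\.\.\?

        Member Name: m02
        Direction: STC
        Context: stream256
        PCRE Pattern: ^(.)*\/QUE,billy the kid
"""


def parse_attack_detail(text):
    """Return top-level fields as keys; Members is a list of per-member dicts."""
    attack, section, member = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("user@"):      # blank line or CLI prompt
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        if raw[0] not in " \t":                       # top-level field
            if value:
                attack[key], section = value, None
            else:                                     # header such as Members:
                section = attack.setdefault(key, [] if key == "Members" else {})
        elif isinstance(section, list):               # line inside Members:
            if key == "Member Name" or member is None:
                member = {}
                section.append(member)
            member[key] = value
        elif isinstance(section, dict):               # line inside TimeBinding:
            section[key] = value
    return attack


def effective_expression(attack):
    """Per the field table: PCRE Expression wins when present, else Expression."""
    return attack.get("PCRE Expression", attack.get("Expression"))
```

Values are split on the first colon only, so a display name such as `TROJAN: Digital Rootbeer Client Connect` is kept whole.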

Modified: 2016-05-01