Related Documentation
- J Series
- Understanding the IDP Signature Database
- Updating the IDP Signature Database Overview
- Updating the IDP Signature Database Manually Overview
- Example: Updating the IDP Signature Database Manually
- Example: Updating the Signature Database Automatically
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- SRX Series
- Understanding the IDP Signature Database
- Updating the IDP Signature Database Overview
- Updating the IDP Signature Database Manually Overview
- Example: Updating the IDP Signature Database Manually
- Example: Updating the Signature Database Automatically
- Example: Defining Rules for an IDP IPS Rulebase
- Example: Defining Rules for an IDP Exempt Rulebase
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices

Understanding Predefined IDP Attack Objects and Object Groups
The security package for Intrusion Detection and Prevention (IDP) contains a database of predefined IDP attack objects and IDP attack object groups that you can use in IDP policies to match traffic against known and unknown attacks. Juniper Networks updates the predefined attack objects and groups on a regular basis with newly discovered attack patterns.
Updates to the attack object database can include:
- New descriptions or severities for existing attack objects
- New attack objects
- Deletion of obsolete attack objects
Predefined Attack Objects
Predefined attack objects are listed in alphabetical order. Each attack object has a unique name that helps you identify the attack. The first part of the name indicates the group to which the attack object belongs. For example:
- FTP:USER:ROOT—Belongs to the FTP:USER group. It detects attempts to log in to an FTP server using the root account.
- HTTP:HOTMAIL:FILE-UPLOAD—Belongs to the HTTP:HOTMAIL group. It detects files attached to e-mails sent via the Web-based e-mail service Hotmail.
Predefined Attack Object Groups
The predefined attack groups list displays the attack objects in the categories described below. A set of recommended attack objects that Juniper Networks considers to be serious threats is also available in this list. The recommended attack objects are organized into the following categories:
Table 1: Predefined Attack Object Groups
| Attack Object Group | Description |
|---|---|
| Attack Type | Groups attack objects by type (anomaly or signature). Within each type, attack objects are grouped by severity. |
| Category | Groups attack objects by predefined categories. Within each category, attack objects are grouped by severity. |
| Operating System | Groups attack objects by the operating system to which they apply: BSD, Linux, Solaris, or Windows. Within each operating system, attack objects are grouped by services and severity. |
| Severity | Groups attack objects by the severity assigned to the attack. IDP has five severity levels: Critical, Major, Minor, Warning, Info. Within each severity, attack objects are grouped by category. |
| Web Services | Groups attack objects by common Web services. These services are grouped by severity levels—Warning, Critical, Major, Minor, Info. |
| Miscellaneous | Groups attack objects by performance level. Attack objects affecting IDP performance over a certain level are grouped under this category. |
| Response | Groups attack objects in traffic flowing in the server-to-client direction. |


