Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring IDP Protocol Anomaly-Based Attacks

    This example shows how to create a protocol anomaly-based attack object.

    Requirements

    Before you begin, configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices PDF Document

    Overview

    In this example, you create a protocol anomaly attack called anomaly1 and assign it the following properties:

    • Time binding—Specifies the scope as peer and count as 2 to detect anomalies between source and destination IP addresses of the sessions for the specified number of times.
    • Severity (info)—Provides information about any attack that matches the conditions.
    • Attack direction (any)—Detects the attack in both directions—client-to-server and server-to-client traffic.
    • Service (TCP)—Matches attacks using the TCP service.
    • Test condition (OPTIONS_UNSUPPORTED)—Matches certain predefined test conditions. In this example, the condition is to match if the attack includes unsupported options.
    • Shellcode (sparc)—Sets the flag to detect shellcode for Sparc platforms.

    Once you have configured the protocol anomaly-based attack object, you specify the attack as match criteria in an IDP policy rule. See Example: Defining Rules for an IDP IPS Rulebase.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set security idp custom-attack anomaly1 severity info set security idp custom-attack anomaly1 time-binding scope peer count 2 set security idp custom-attack anomaly1 attack-type anomaly test OPTIONS_UNSUPPORTED set security idp custom-attack sa set security idp custom-attack sa attack-type anomaly service TCP set security idp custom-attack sa attack-type anomaly direction any set security idp custom-attack sa attack-type anomaly shellcode sparc

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide PDF Document.

    To create a protocol anomaly-based attack object:

    1. Specify a name for the attack.
      [edit]user@host# edit security idp custom-attack anomaly1
    2. Specify common properties for the attack.
      [edit security idp custom-attack anomaly1]user@host# set severity infouser@host# set time-binding scope peer count 2
    3. Specify the attack type and test condition.
      [edit security idp custom-attack anomaly1]user@host# set attack-type anomaly test OPTIONS_UNSUPPORTED
    4. Specify other properties for the anomaly attack.
      [edit security idp custom-attack anomaly1]user@host# set attack-type anomaly service TCPuser@host# set attack-type anomaly direction any user@host# attack-type anomaly shellcode sparc

    Results

    From configuration mode, confirm your configuration by entering the show security idp command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]user@host# show security idpcustom-attack anomaly1 {severity info;time-binding {count 2;scope peer;}attack-type {anomaly {test OPTIONS_UNSUPPORTED;service TCP;direction any;shellcode sparc;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    To confirm that the configuration is working properly, perform this task:

    Verifying the Configuration

    Purpose

    Verify that the protocol anomaly-based attack object was created.

    Action

    From operational mode, enter the show security idp status command.

    Published: 2012-06-29