| Action | Description |
| --- | --- |
| No Action | No action is taken. Use this action when you only want to generate logs for some traffic. |
| Ignore Connection | Stops scanning traffic for the rest of the connection if an attack match is found. IDP disables the rulebase for the specific connection. Note: This action does not mean that the attack is ignored. |
| Diffserv Marking | Assigns the indicated Differentiated Services code point (DSCP) value to the packet in an attack, then passes the packet on normally. Note that the DSCP value is not applied to the first packet that is detected as an attack, but is applied to subsequent packets. |
| Drop Packet | Drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source IP address. |
| Drop Connection | Drops all packets associated with the connection, preventing traffic for the connection from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing. |
| Close Client | Closes the connection and sends an RST packet to the client but not to the server. |
| Close Server | Closes the connection and sends an RST packet to the server but not to the client. |
| Close Client and Server | Closes the connection and sends an RST packet to both the client and the server. |
| Recommended | All predefined attack objects have a default action associated with them. This is the action that Juniper Networks recommends when that attack is detected. Note: This action is supported only for IPS rulebases. |

Recommended: a list of all attack objects that Juniper Networks considers to be serious threats, organized into categories.

- Attack type groups attack objects by type (anomaly or signature). Within each type, attack objects are grouped by severity.
- Category groups attack objects by predefined categories. Within each category, attack objects are grouped by severity.
- Operating system groups attack objects by the operating system to which they apply: BSD, Linux, Solaris, or Windows. Within each operating system, attack objects are grouped by services and severity.
- Severity groups attack objects by the severity assigned to the attack. IDP has five severity levels: Critical, Major, Minor, Warning, and Info. Within each severity, attack objects are grouped by category.
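As an added illustration, not taken from the Juniper documentation, the following Junos IDP policy fragment applies the actions above according to the spoofing guidance in the table: a log-only rule, drop-packet for a UDP-based attack group, drop-connection for TCP traffic, and mark-diffserv for traffic that should be flagged but passed. The policy, rule, zone and attack-group names are assumed placeholders, and the `#` comment lines are explanatory only and must be removed before pasting into the CLI.

```junos
# Added example, not Juniper's own configuration. Names in CAPS are placeholders.
# Rule 1: log only. "no-action" generates an attack log entry and nothing else.
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule LOG-ONLY match from-zone untrust to-zone trust
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule LOG-ONLY match application default
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule LOG-ONLY match attacks predefined-attack-groups "PLACEHOLDER-INFO-GROUP"
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule LOG-ONLY then action no-action
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule LOG-ONLY then notification log-attacks

# Rule 2: UDP is spoofable, so drop only the offending packet and keep the flow open.
# Dropping the whole connection here could let a spoofed source deny service to a legitimate one.
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule UDP-DROP-PKT match from-zone untrust to-zone trust
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule UDP-DROP-PKT match application default
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule UDP-DROP-PKT match attacks predefined-attack-groups "PLACEHOLDER-UDP-GROUP"
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule UDP-DROP-PKT then action drop-packet
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule UDP-DROP-PKT then notification log-attacks alert

# Rule 3: TCP completes a handshake, so the source is not trivially spoofed; drop the connection.
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule TCP-DROP-CONN match from-zone untrust to-zone trust
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule TCP-DROP-CONN match application default
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule TCP-DROP-CONN match attacks predefined-attack-groups "PLACEHOLDER-TCP-GROUP"
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule TCP-DROP-CONN then action drop-connection
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule TCP-DROP-CONN then notification log-attacks alert

# Rule 4: mark rather than block. The DSCP value (0-63) is set on packets after the first
# matching packet, which is forwarded unmarked, so downstream QoS policy can throttle the flow.
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule MARK-LOW-PRIO match from-zone untrust to-zone trust
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule MARK-LOW-PRIO match application default
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule MARK-LOW-PRIO match attacks predefined-attack-groups "PLACEHOLDER-MINOR-GROUP"
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule MARK-LOW-PRIO then action mark-diffserv 8
set security idp idp-policy IDP-EXAMPLE rulebase-ips rule MARK-LOW-PRIO then notification log-attacks
```

Rules are evaluated top to bottom, so the log-only rule should match only traffic the later rules deliberately leave alone; activating the policy (globally or per security policy, depending on the Junos release) is omitted here.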