Understanding Predefined Attack Objects and Groups
The security package for IDP contains a database of predefined
IDP attack objects and IDP attack object groups that you can use in
IDP policies to match traffic against known and unknown attacks. Juniper
Networks updates the predefined attack objects and groups on a regular
basis with newly discovered attack patterns.
Updates to the attack object database can include:
- New descriptions or severities for existing attack objects
- New attack objects
- Deletion of obsolete attack objects
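The three kinds of database update listed above are exactly what an administrator wants to see before applying a new security package, because a severity change or a deleted object can silently alter which policy rules fire. The following added example (written for this page, not Juniper code; the record format and the sample names other than FTP:USER:ROOT and HTTP:HOTMAIL:FILE-UPLOAD are constructed) compares two versions of an attack object database and reports additions, deletions, and changed descriptions or severities:

```python
# Added example, not from the Juniper documentation: report what an update to the
# predefined attack object database changed. Records map an attack object name to
# its severity and description; the sample data below is constructed.

SAMPLE_OLD = {
    "FTP:USER:ROOT": {"severity": "Major", "description": "Login attempt as root"},
    "HTTP:HOTMAIL:FILE-UPLOAD": {"severity": "Info", "description": "File attached via Hotmail"},
    "EXAMPLE:OBSOLETE:OLD-CHECK": {"severity": "Minor", "description": "Constructed obsolete object"},
}

SAMPLE_NEW = {
    "FTP:USER:ROOT": {"severity": "Critical", "description": "Login attempt as root"},
    "HTTP:HOTMAIL:FILE-UPLOAD": {"severity": "Info", "description": "File attached via Hotmail (revised)"},
    "EXAMPLE:GROUP:NEW-OBJECT": {"severity": "Major", "description": "Constructed new object"},
}

TRACKED_FIELDS = ("severity", "description")


def diff_attack_db(old, new):
    """Compare two database versions.

    Returns a dict with:
      added   - names present only in the new version
      deleted - names present only in the old version (obsolete objects)
      changed - name -> list of tracked fields whose value differs
    """
    added = sorted(set(new) - set(old))
    deleted = sorted(set(old) - set(new))
    changed = {}
    for name in sorted(set(old) & set(new)):
        fields = [f for f in TRACKED_FIELDS if old[name].get(f) != new[name].get(f)]
        if fields:
            changed[name] = fields
    return {"added": added, "deleted": deleted, "changed": changed}


def severity_changes(old, new):
    """List (name, old_severity, new_severity) for objects whose severity moved.

    These are the updates most likely to change which policy rules match, since
    predefined groups are organised by severity.
    """
    result = []
    for name, fields in diff_attack_db(old, new)["changed"].items():
        if "severity" in fields:
            result.append((name, old[name]["severity"], new[name]["severity"]))
    return result


def report(old, new):
    """Human-readable summary of an update, one line per change."""
    d = diff_attack_db(old, new)
    lines = [f"added:   {n}" for n in d["added"]]
    lines += [f"deleted: {n}" for n in d["deleted"]]
    lines += [f"changed: {n} ({', '.join(fields)})" for n, fields in d["changed"].items()]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_OLD, SAMPLE_NEW)))
```

Running the module prints one line per change; `severity_changes` is the list to review first, since a severity that moves from Major to Critical changes which recommended group the object falls into.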
Predefined Attack Objects
Predefined attack objects are listed in alphabetical order.
Each attack object has a unique name that identifies the attack it
detects. The first part of the name indicates the group to which the
attack object belongs. For example:
- FTP:USER:ROOT—Belongs to the FTP:USER group. It detects attempts to log in to an FTP server using the root account.
- HTTP:HOTMAIL:FILE-UPLOAD—Belongs to the HTTP:HOTMAIL group. It detects files attached to e-mails sent via the Web-based e-mail service Hotmail.
Predefined Attack Object Groups
The predefined attack groups list displays the attack objects
in the categories described below. A set of recommended attack objects
that Juniper Networks considers to be serious threats is also available
in this list. The recommended attack objects are organized into the
following categories:
- Attack Type—Groups attack objects by type (anomaly
or signature). Within each type, attack objects are grouped by severity.
- Category—Groups attack objects by predefined categories.
Within each category, attack objects are grouped by severity.
- Operating System—Groups attack objects by the operating
system to which they apply: BSD, Linux, Solaris, or Windows. Within
each operating system, attack objects are grouped by services and
severity.
- Severity—Groups attack objects by the severity assigned
to the attack. IDP has five severity levels: Critical, Major, Minor,
Warning, Info. Within each severity, attack objects are grouped by
category.
- Web Services—Groups attack objects by common Web
services. These services are grouped by severity levels—Warning,
Critical, Major, Minor, Info.
- Miscellaneous—Groups attack objects by performance
level. Attack objects affecting IDP performance over a certain level
are grouped under this category.
- Response—Groups attack objects in traffic flowing
in the server to client direction.
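The naming convention (the leading components of a name are the group it belongs to) and the category views above can be reproduced over any list of attack object records. The following added example (written for this page, not Juniper code; the record fields and all sample objects other than FTP:USER:ROOT and HTTP:HOTMAIL:FILE-UPLOAD are constructed) derives group membership from names and builds the Attack Type, Operating System, and Severity views as the text describes them:

```python
# Added example, not from the Juniper documentation: derive group membership from
# predefined attack object names and build the category views described on this page.
# Record fields (type, severity, os, service, category) and the sample objects other
# than the two documented names are constructed for illustration.

# The five IDP severity levels, most severe first.
SEVERITY_LEVELS = ["Critical", "Major", "Minor", "Warning", "Info"]

SAMPLE_RECORDS = [
    {"name": "FTP:USER:ROOT", "type": "signature", "severity": "Major",
     "os": "Linux", "service": "FTP", "category": "FTP"},
    {"name": "HTTP:HOTMAIL:FILE-UPLOAD", "type": "signature", "severity": "Info",
     "os": "Windows", "service": "HTTP", "category": "HTTP"},
    {"name": "EXAMPLE:ANOMALY:LONG-HEADER", "type": "anomaly", "severity": "Warning",
     "os": "Linux", "service": "HTTP", "category": "HTTP"},
]


def parent_group(name):
    """'FTP:USER:ROOT' -> 'FTP:USER': everything before the last component is the group."""
    parts = name.split(":")
    if len(parts) < 2:
        raise ValueError(f"attack object name has no group prefix: {name!r}")
    return ":".join(parts[:-1])


def ancestor_groups(name):
    """Every group the object belongs to, broadest first: 'FTP', 'FTP:USER'."""
    parts = name.split(":")[:-1]
    return [":".join(parts[: i + 1]) for i in range(len(parts))]


def members_of(records, group):
    """Names of the attack objects that fall under a group at any depth."""
    return sorted(r["name"] for r in records if group in ancestor_groups(r["name"]))


def severity_rank(level):
    """Sort key placing Critical first; unknown levels sort last."""
    return SEVERITY_LEVELS.index(level) if level in SEVERITY_LEVELS else len(SEVERITY_LEVELS)


def _sort_leaves(node):
    for key, value in node.items():
        if isinstance(value, list):
            value.sort()
        else:
            _sort_leaves(value)
    return node


def nested_view(records, keys):
    """Group records by a sequence of attributes, e.g. ('type', 'severity').

    Returns nested dicts keyed by each attribute in turn, with sorted lists of
    attack object names at the leaves.
    """
    view = {}
    for rec in records:
        level = view
        for key in keys[:-1]:
            level = level.setdefault(rec[key], {})
        level.setdefault(rec[keys[-1]], []).append(rec["name"])
    return _sort_leaves(view)


def attack_type_view(records):
    """Attack Type: by type (anomaly or signature), then by severity."""
    return nested_view(records, ("type", "severity"))


def operating_system_view(records):
    """Operating System: by OS, then by service, then by severity."""
    return nested_view(records, ("os", "service", "severity"))


def severity_view(records):
    """Severity: by severity level, then by category."""
    return nested_view(records, ("severity", "category"))


if __name__ == "__main__":
    for level in sorted(severity_view(SAMPLE_RECORDS), key=severity_rank):
        print(level, severity_view(SAMPLE_RECORDS)[level])
```

`members_of` is the check to run before referencing a group in a policy rule: it shows exactly which objects a group name such as FTP:USER pulls in, and `severity_rank` keeps listings in the Critical-to-Info order IDP uses.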