Intrusion Detection Service Configuration Guidelines
The Adaptive Services (AS) or Multiservices PIC supports a limited set of intrusion detection services (IDS) to perform attack detection. You can use IDS to perform the following tasks:
- Detect various types of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks.
- Detect attempts at network scanning and probing.
- Detect anomalies in traffic patterns, such as sudden bursts or a decline in bandwidth.
- Prevent some types of attacks.
- Redirect attack traffic to a collector for analysis.
- Specify thresholds for limiting the number of flows, the packet rate, and the session rate.
IDS enables you to focus attack detection and remedial actions on specific hosts or networks that you specify in the IDS terms. Signature detection is not supported.
To configure IDS, include the ids statement at the [edit services] hierarchy level:
```
[edit services]
ids {
    rule rule-name {
        match-direction (input | output | input-output);
        term term-name {
            from {
                application-sets set-name;
                applications [ application-names ];
                destination-address (address | any-unicast) <except>;
                destination-address-range low minimum-value high maximum-value <except>;
                destination-prefix-list list-name <except>;
                source-address (address | any-unicast) <except>;
                source-address-range low minimum-value high maximum-value <except>;
                source-prefix-list list-name <except>;
            }
            then {
                aggregation {
                    destination-prefix prefix-value | destination-prefix-ipv6 prefix-value;
                    source-prefix prefix-value | source-prefix-ipv6 prefix-value;
                }
                (force-entry | ignore-entry);
                logging {
                    syslog;
                    threshold rate;
                }
                session-limit {
                    by-destination {
                        hold-time seconds;
                        maximum number;
                        packets number;
                        rate number;
                    }
                    by-pair {
                        hold-time seconds;
                        maximum number;
                        packets number;
                        rate number;
                    }
                    by-source {
                        hold-time seconds;
                        maximum number;
                        packets number;
                        rate number;
                    }
                }
                syn-cookie {
                    mss value;
                    threshold rate;
                }
            }
        }
    }
    rule-set rule-set-name {
        [ rule rule-names ];
    }
}
```
Note: The Junos OS uses stateful firewall settings as a basis for performing IDS. You must commit a stateful firewall configuration in the same service set for IDS to function properly.
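The following is a worked configuration added here to show the hierarchy above filled in; it is not from the original page or from Juniper. The server subnet 192.0.2.0/24, the prefix list dmz-servers, the stateful firewall rule allow-dmz, the service interface sp-1/2/0, and all threshold values are assumed for illustration.

```junos
[edit services]
ids {
    rule protect-web-servers {
        /* Inspect traffic entering the interface toward the servers */
        match-direction input;
        term web-syn-flood {
            from {
                destination-address 192.0.2.0/24;
                applications [ junos-http junos-https ];
            }
            then {
                /* Count sources per /24 so a flood spread across a block is still caught */
                aggregation {
                    source-prefix 24;
                }
                session-limit {
                    by-source {
                        maximum 1000;
                        rate 200;
                        hold-time 60;
                    }
                    by-destination {
                        maximum 50000;
                        rate 2000;
                    }
                }
                /* Answer with SYN cookies once the SYN rate exceeds 1000 per second */
                syn-cookie {
                    mss 1460;
                    threshold 1000;
                }
                logging {
                    syslog;
                    threshold 500;
                }
            }
        }
    }
    rule-set dmz-ids {
        rule protect-web-servers;
    }
}
service-set dmz-services {
    stateful-firewall-rules allow-dmz;
    ids-rules protect-web-servers;
    interface-service {
        service-interface sp-1/2/0;
    }
}
```

The service-set block pairs the IDS rule with a stateful firewall rule in the same service set, which the note above requires for IDS to take effect; the prefix list and firewall rule it references must be defined elsewhere before commit.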