
Default Remote Network Groups

JSA includes default remote network groups.

The following table describes the default remote network groups.

Table 1: Default Remote Network Groups

| Group | Description |
|---|---|
| BOT | Specifies traffic that originates from BOT applications. For more information, see Botnet Command and Control drop rules on the Emerging Threats website (http://rules.emergingthreats.net/blockrules/emerging-botcc.rules). |
| Bogon | Specifies traffic that originates from unassigned IP addresses. For more information, see bogon reference on the Team CYMRU website (http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt). |
| HostileNets | Specifies traffic that originates from known hostile networks. HostileNets has a set of 20 (rank 1 - 20 inclusive) configurable CIDR ranges. For more information, see HostileNets reference on the DShield website (http://www.dshield.org/ipsascii.html?limit=20). |
| Neighbours | Specifies traffic that originates from nearby networks that your organization has network peering agreements with. This group is blank by default. You must configure this group to classify traffic that originates from neighboring networks. |
| Smurfs | Specifies traffic that originates from smurf attacks. A smurf attack is a type of denial-of-service attack that floods a destination system with spoofed broadcast ping messages. |
| Superflows | This group is non-configurable. A superflow is a flow that is an aggregate of a number of flows that have a similar predetermined set of elements. |
| TrustedNetworks | Specifies traffic from trusted networks, including business partners that have remote access to your critical applications and services. This group is blank by default. You must configure this group to classify traffic that originates from trusted networks. |
| Watchlists | Classifies traffic that originates from networks that you want to monitor. This group is blank by default. |

Groups and objects that include superflows are only for informational purposes and cannot be edited. Groups and objects that include bogons are configured by the automatic update function.

Note:

You can use reference sets instead of remote networks to provide some of this functionality. Although you can assign a confidence level to an IP value in a reference table, reference sets are used only with single IPs and cannot be used with CIDR ranges. You can use a CIDR value after a remote network update, but not with weight or confidence levels.