show security idp attack detail
Syntax
show security idp attack detail attack-name
Description
Display details of a specified IDP attack.
Options
attack-name—IDP attack name.
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security idp attack detail command. Output fields are listed in the approximate order in which they appear.
| Field Name | Field Description |
|---|---|
| Display Name | Display name of the IDP attack. |
| Severity | Severity level of the IDP attack. |
| Category | IDP attack category. |
| Recommended | Specifies whether a default action for the IDP attack is recommended by Juniper Networks (true or false). |
| Recommended Action | Recommended action for the IDP attack. |
| Type | Type of IDP attack. |
| Direction | Direction of the IDP attack. |
| False Positives | Specifies whether the IDP attack produces false positives on the network. |
| Service | IDP service configured for the IDP attack. If a service is configured for the IDP attack, the IDP service name is displayed. Otherwise, |
| Member Name | Name of the attack member in the IDP attack. |
| Expression | Specifies the Boolean expression of attack members that identifies how the attack members should be matched (for example, OR, AND, or oAND). |
|  | Specifies the Boolean expression of PCRE-format attack members that identifies how the attack members should be matched (for example, OR, AND, or oAND). If this field is not present, “Expression” is used as the Boolean expression for attack matching. |
| Shellcode | Signifies whether the IDP attack is a shellcode attack. |
| Flow | Signifies the channel (control, data) of the IDP attack. |
| Context | Name of the context under which the IDP attack has to be matched. |
| Negate | Signifies whether the signature in the IDP attack is a negate signature. |
| TimeBinding | Specifies the count and scope under which the attack is valid. |
| Pattern | Specifies the regular expression in the IDP attack. |
| PCRE Pattern | Specifies the regular expression in PCRE format in the IDP attack. |
| Hidden Pattern | Specifies whether the attack pattern is hidden. |
Sample Output
- show security idp attack detail FTP:USER:ROOT
- show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT
show security idp attack detail FTP:USER:ROOT
user@host> run show security idp attack detail FTP:USER:ROOT
Display Name: FTP: "root" Account Login
Severity: Minor
Category: FTP
Recommended: false
Recommended Action: None
Type: signature
Direction: CTS
False Positives: unknown
Shellcode: no
Flow: control
Context: ftp-username
Negate: false
TimeBinding:
Scope: none
Count: 1
Hidden Pattern: False
Pattern: \[root\]
show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT
user@host> show security idp attack detail TROJAN:MISC:ROOTBEER-CLIENT
Display Name: TROJAN: Digital Rootbeer Client Connect
Severity: Minor
Category: TROJAN
Recommended: false
Recommended Action: None
Type: chain
False Positives: unknown
Service: TCP/2600
Expression: m01 oAND m02
Order: no
Reset: no
Scope: session
TimeBinding:
Members:
Member Name: m01
Type: Signature
Direction: CTS
Flow: control
Shellcode: no
Context: stream256
Negate: false
Hidden Pattern: False
Pattern: .*/QUE,who are you\.\.\.\?.*
PCRE Pattern: ^(.)*\/QUE,who are you\.\.\.\?
Member Name: m02
Type: Signature
Direction: STC
Flow: control
Shellcode: no
Context: stream256
Negate: false
Hidden Pattern: False
Pattern: .*/QUE,billy the kid.*
PCRE Pattern: ^(.)*\/QUE,billy the kid
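When reviewing many signatures it helps to load this output into a structure; the following is an added example (not Juniper code) that parses the chain sample above and checks that every member named in Expression has a Member Name entry. The function names are hypothetical, and it assumes the member blocks come last in the output, as they do in the sample.

```python
import re

# Abridged from the TROJAN:MISC:ROOTBEER-CLIENT sample output on this page.
SAMPLE = r"""Display Name: TROJAN: Digital Rootbeer Client Connect
Severity: Minor
Recommended: false
Type: chain
Service: TCP/2600
Expression: m01 oAND m02
Scope: session
TimeBinding:
Members:
Member Name: m01
Direction: CTS
Context: stream256
PCRE Pattern: ^(.)*\/QUE,who are you\.\.\.\?
Member Name: m02
Direction: STC
Context: stream256
PCRE Pattern: ^(.)*\/QUE,billy the kid
"""

def parse_attack_detail(text):
    """Return top-level fields plus a 'Members' list of per-member dicts."""
    attack = {"Members": []}
    target = attack                       # dict currently receiving fields
    for raw in text.splitlines():
        key, sep, value = (part.strip() for part in raw.partition(":"))
        if not sep or not key or ">" in key:
            continue                      # blank line or CLI prompt line
        if key == "Member Name":          # each member opens a new record
            target = {"Member Name": value}
            attack["Members"].append(target)
        elif value:                       # skip bare labels (Members:, TimeBinding:)
            target[key] = value
    return attack

def undefined_members(attack):
    """Names used in Expression that have no matching Member Name entry."""
    operators = {"or", "and", "oand"}     # operators named in the field table
    names = re.findall(r"\w+", attack.get("Expression", ""))
    defined = {m["Member Name"] for m in attack["Members"]}
    return [n for n in names if n.lower() not in operators and n not in defined]

if __name__ == "__main__":
    parsed = parse_attack_detail(SAMPLE)
    print(parsed["Display Name"], parsed["Expression"], undefined_members(parsed))
```

Values are split on the first colon only, so display names and patterns that contain colons are kept intact.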
Release Information
Command introduced in Junos OS Release 11.4.