Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Fri Dec 15, 2017 1:36 am


News of Deep Packet Inspection / Application Identification / Application Firewall

 Post subject: Juniper SRX/IDP custom attack signature to block .EXE file download
Posted: Mon Jun 11, 2012 6:11 pm
An HTTP transfer can take place either by requesting the file directly (example: http://somedomain.com/virus.exe), which is very easy for IDS systems, or by serving the file from a dynamic server script (PHP) using the "attachment" content disposition MIME type.

Example of an HTTP request for a direct file URL, captured using tcpdump:

.UL.....GET /nginx/download.exe HTTP/1.1
Host: 82.78.227.176
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: ...

 Post subject: SRX IDP: JPME compilation failed - Junos 11.4
Posted: Mon Jun 11, 2012 4:17 pm
Starting with Junos 11.4, IDP uses a hardware component to compile the policy. This provides some advantages over the software compiler (the "idpd" process on the control plane):
- faster compile time.
- the resulting policy memory footprint is ~80% smaller.
- some minor bugs that Juniper will fix in the next releases.

When using custom signatures, one common mistake is forgetting to close the brackets that denote case insensitivity ( \ ).

This will result in a JPME error: ...
