Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
Register
FAQ
It is currently Sun Aug 20, 2017 6:17 pm

ROOT ‹ Site map ‹ News of Ivorde Unix/Linux/Database/Web/Mail Forum ‹ News of Deep Packet Inspection / Application Identification / Application FIrewall ‹ 

News News of Deep Packet Inspection / Application Identification / Application FIrewall

Site map of Deep Packet Inspection / Application Identification / Application FIrewall » Forum : Deep Packet Inspection / Application Identification / Application FIrewall


Message
 Post subject: Juniper SRX/IDP custom attack signature to block .EXE file download
PostPosted: Mon Jun 11, 2012 6:11 pm 
HTTP transfer can take place either by requesting the direct file (example: http://somedomain.com/virus.exe), which is very easy for IDS systems or by serving the file from a dynamic server script (php) using the "attachment" content disposition mime type.

Example of http request of url direct file request using tcpdump:

.UL.....GET /nginx/download.exe HTTP/1.1
Host: 82.78.227.176
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: ...

Read more : Juniper SRX/IDP custom attack signature to block .EXE file download | Views : 2896 | Replies : 3

Top
 Post subject: SRX IDP: JPME compilation failed - Junos 11.4
PostPosted: Mon Jun 11, 2012 4:17 pm 
Starting with Junos 11.4, IDP uses a hardware component to compile policy. This provides some advantages over the software compiler ("idpd" process on control plane):
- faster compile time.
- resulted policy memory footprint is ~80% smaller.
- some minor bugs that Juniper will fix in next releases.

When using custom signatures, one common mistake is forgetting to close the case insensitive denoting brackets ( \ ).

This will result in a JPME error: ...

Read more : SRX IDP: JPME compilation failed - Junos 11.4 | Views : 455 | Replies : 0

Top

Last 10 active topics


Shell Scripting and Programming
No new posts AWK: How to replace a newline with actual \n
 View the latest post
No new posts How to use $variable in conditional sentences?
 View the latest post
No new posts Scan IP range using nmap
 View the latest post
No new posts Password generator with user inputs bash script
 View the latest post

Virtualization
No new posts SSH Login to Vmware ESXi with ssh keys
 View the latest post
No new posts How to retrieve Vmware ESXi license from ssh shell command line
 View the latest post

TCP/IP Networking
No new posts TCP ack after two packets
 View the latest post

Junos Tips & Tricks
No new posts MTR / My traceroute in Junos
 View the latest post

VPS Hosting & Security
No new posts Host a gmod server on a vps or shared host?
 View the latest post

Juniper virtual MX (vMX)
No new posts Juniper Virtual MX (vMX) 14.2R5.3 Phase 2 (RE and MPC on different VMs)
 View the latest post

Login
Username:   Password:   Log me on automatically each visit  

Statistics
Statistics

Total posts 601 | Total topics 970 | Total members 1193

GYM sitemaps & RSS

News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


ROOT ‹ Site map ‹ News of Ivorde Unix/Linux/Database/Web/Mail Forum ‹ News of Deep Packet Inspection / Application Identification / Application FIrewall
Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO