Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Sun Aug 20, 2017 6:17 pm


News of Deep Packet Inspection / Application Identification / Application Firewall

Post subject: Juniper SRX/IDP custom attack signature to block .EXE file download
Posted: Mon Jun 11, 2012 6:11 pm
HTTP transfer can take place either by requesting the file directly (example: http://somedomain.com/virus.exe), which is very easy for IDS systems, or by serving the file from a dynamic server script (PHP) using the "attachment" content disposition MIME type.

Example of an HTTP request for a direct file URL, captured using tcpdump:

.UL.....GET /nginx/download.exe HTTP/1.1
Host: 82.78.227.176
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: ...

Post subject: SRX IDP: JPME compilation failed - Junos 11.4
Posted: Mon Jun 11, 2012 4:17 pm
Starting with Junos 11.4, IDP uses a hardware component to compile policy. This provides some advantages over the software compiler (the "idpd" process on the control plane):
- faster compile time.
- the resulting policy memory footprint is ~80% smaller.
- some minor bugs that Juniper will fix in the next releases.

When using custom signatures, one common mistake is forgetting to close the case-insensitive denoting brackets ( \ ).

This will result in a JPME error: ...
