Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

 Post subject: Juniper SRX/IDP custom attack signature to block .EXE file download
Posted: Mon Jun 11, 2012 6:11 pm
An HTTP transfer can take place either by requesting the file directly (example: http://somedomain.com/virus.exe), which is very easy for IDS systems, or by serving the file from a dynamic server script (PHP) using the "attachment" content disposition MIME type.

Example of an HTTP request for a direct file URL, captured using tcpdump:

.UL.....GET /nginx/download.exe HTTP/1.1
Host: 82.78.227.176
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Connection: ...

 Post subject: SRX IDP: JPME compilation failed - Junos 11.4
Posted: Mon Jun 11, 2012 4:17 pm
Starting with Junos 11.4, IDP uses a hardware component to compile the policy. This provides some advantages over the software compiler (the "idpd" process on the control plane):
- faster compile time.
- the resulting policy memory footprint is ~80% smaller.
- some minor bugs that Juniper will fix in the next releases.

When using custom signatures, one common mistake is forgetting to close the brackets that denote case-insensitive matching ( \ ).

This will result in a JPME error: ...
