Junos Security by Rob Cameron Brad Woodberg Patricio Giecco Timothy Eberhard and James Quinn

Author:Rob Cameron, Brad Woodberg, Patricio Giecco, Timothy Eberhard, and James Quinn
Language: eng
Format: mobi, epub
Tags: COMPUTERS / Networking / Security
Publisher: O’Reilly Media
Published: 2010-08-15T16:00:00+00:00

Drop-Packet

Drop-Packet will drop an individual offending packet, but not the rest of the session. Typically, you want to use the Drop-Connection action when malicious activity is detected on a flow, but in some cases, you might just want to prevent a particular activity which might be contained within a session (such as a file transfer) without dropping the entire session. Of course, this is highly dependent on the application’s architecture, so when in doubt, either research the application or just use Drop-Connection. Drop-Packet may be useful for attacks that consist of only a single packet (such as SQL Slammer), but this isn’t very common. Note that Drop-Packet will not have any impact in inline tap mode, since the original packet (not the copied one to the IPS engine) has already made it through the SRX and will be recorded as action DISMISS in the logs.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.