Saturday 30 November 2013

Juniper SRX - IDP Categories

Hi Everyone,

While trying to define some custom attack-groups for IPS, I was unable to actually locate a full list of categories to define my groups with. As such, I've included a list for everyone from the latest Attack Database below:

root@SRX210_A% cli show security idp predefined-attacks | sed 's/\"//g' | awk -F":" '{print $1}' | uniq

APP
CHARGEN
CHAT
DB
DDOS
DHCP
DISCARD
DNS
DOS
ECHO
FINGER
FTP
GOPHER
HTTP
ICMP
IDENT
IKE
IMAP
IP
LDAP
LPD
LPR
MISC
MS-RPC
NDMP
NETBIOS
NFS
NNTP
NTP
OS
P2P
POP3
PORTMAPPER
PROTOCOLS
RADIUS
REXEC
RLOGIN
RPC
RSH
RSYNC
RTSP
RUSERS
SCADA
SCAN
SHELLCODE
SMB
SMTP
SNMP
SNMPTRAP
SPYWARE
SSH
SSL
SYSLOG
TCP
TELNET
TFTP
TIP
TROJAN
UDP
VIRUS
VNC
VOIP
WHOIS
WORM
X11

As an aside, I found it mildly interesting to see the protections-per-category breakdown from Juniper:

root@SRX210_A% cli show security idp predefined-attacks | sed 's/\"//g' | awk -F":" '{print $1}' | sort | uniq -c | sort -n -r
4019 HTTP
 804 APP
 793 SPYWARE
 269 TROJAN
 260 SCAN
 254 SMTP
 209 DB
 160 CHAT
 158 VOIP
 156 SMB
 155 FTP
 145 P2P
 114 POP3
 109 DNS
 108 MS-RPC
 101 LDAP
  90 SHELLCODE
  80 SCADA
  76 SNMP
  75 WORM
  73 TCP
  65 IMAP
  62 SSL
  58 NETBIOS
  51 TELNET
  51 RPC
  47 SNMPTRAP
  42 DOS
  40 LPR
  40 DHCP
  37 VNC
  33 NTP
  33 NFS
  33 DDOS
  31 TFTP
  25 RADIUS
  23 RTSP
  22 ICMP
  20 SSH
  18 SYSLOG
  17 IKE
  17 FINGER
  16 RUSERS
  15 PROTOCOLS
  14 VIRUS
  14 PORTMAPPER
  14 NNTP
  13 OS
  13 IP
  12 RLOGIN
  12 IDENT
  10 GOPHER
   9 RSH
   6 MISC
   5 REXEC
   4 UDP
   4 LPD
   4 ECHO
   3 X11
   3 WHOIS
   3 RSYNC
   3 DISCARD
   3 CHARGEN
   2 TIP
   1 NDMP
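The two pipelines above (the unique category list and the per-category counts) can be reproduced off-box on a saved copy of the CLI output. The script below is an added example, not part of the original post: it wraps the same sed/awk extraction in functions, sorts before de-duplicating so the result does not depend on the CLI already grouping names by category (plain uniq only collapses adjacent duplicates), and emits the set commands for a dynamic attack group filtered on the chosen categories. The sample attack names are constructed for illustration and are not from the Juniper signature database; the dynamic-attack-group statement form is taken from the Junos IDP configuration hierarchy and should be confirmed against your release before committing.

```shell
#!/bin/sh
# Added example (not from the original post). Feed the raw output of
#   show security idp predefined-attacks
# (one attack name per line) on stdin. SAMPLE below is constructed; the
# attack names in it are illustrative, not real signature names.

# Print the category of each attack name: strip surrounding quotes, keep
# the text before the first ':'. Blank lines are skipped.
idp_category_of() {
    sed 's/"//g' | awk -F':' 'NF { print $1 }'
}

# Unique, sorted category list. 'sort -u' rather than bare 'uniq', so the
# result does not depend on the input already being grouped by category.
idp_categories() {
    idp_category_of | sort -u
}

# Attacks per category, most populous first; ties broken alphabetically.
idp_category_counts() {
    idp_category_of | sort | uniq -c | sort -k1,1nr -k2,2
}

# Emit Junos set commands for a dynamic attack group that matches on the
# given categories. Statement form assumed from the Junos IDP hierarchy:
#   set security idp dynamic-attack-group <name> filters category values <CAT>
idp_group_config() {
    group="$1"; shift
    for cat in "$@"; do
        printf 'set security idp dynamic-attack-group %s filters category values %s\n' \
            "$group" "$cat"
    done
}

# Constructed sample CLI output (quoted, which is why the post's pipeline
# starts with a sed step that drops the quotes).
SAMPLE='"HTTP:STC:DL:EXAMPLE-ONE"
"HTTP:MISC:EXAMPLE-TWO"
"DNS:OVERFLOW:EXAMPLE"
"SMTP:EXAMPLE"
"HTTP:STC:EXAMPLE-THREE"
"DNS:EXAMPLE-OTHER"'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | idp_categories
printf '%s\n' "$SAMPLE" | idp_category_counts
idp_group_config WEB-AND-DNS HTTP DNS
```

On a real box, replace the SAMPLE feed with the saved CLI output, e.g. `idp_categories < predefined-attacks.txt`. Keeping the category extraction in one function means the list and the counts cannot drift apart when the quoting of the CLI output changes between releases.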
