 |
Note: The JUNOS software uses stateful firewall settings as a basis for performing IDS. You must commit a stateful firewall configuration in the same service set for IDS to function properly. |
The Adaptive Services (AS) or MultiServices PIC supports a limited set of intrusion detection services (IDS) to perform attack detection. You can use IDS to perform the following tasks:
IDS enables you to focus attack detection and remedial actions on specific hosts or networks that you specify in the IDS terms. Signature detection is not supported.
To configure IDS, include the ids statement at the [edit services] hierarchy level:
- [edit services]
- ids {
-
- rule rule-name {
- match-direction (input | output | input-output);
-
- term term-name {
-
- rule {
- application-sets set-name;
- applications [ application-names ];
- destination-address (address | any-unicast) <except>;
- destination-address-range low minimum-value high maximum-value <except>;
- destination-prefix-list list-name <except>;
- source-address (address | any-unicast) <except>;
- source-address-range low minimum-value high maximum-value <except>;
- source-prefix-list list-name <except>;
- }
-
- then {
-
- aggregation {
- destination-prefix prefix-value | destination-prefix-ipv6 prefix-value;
- source-prefix prefix-value | source-prefix-ipv6 prefix-value;
- }
- (force-entry | ignore-entry);
-
-
- session-limit {
-
- by-destination {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
-
- by-pair {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
-
- by-source {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
- }
-
- syn-cookie {
- mss value;
- threshold rate;
- }
- }
- }
- }
-
- }
|
Note: The JUNOS software uses stateful firewall settings as a basis for performing IDS. You must commit a stateful firewall configuration in the same service set for IDS to function properly. |
This chapter contains the following sections: