CLI Configuration

To create a custom attack object:

1. Specify a name for the attack. The following statement specifies FTPJuniper as the name of the attack.

   user@host# set security idp custom-attack FTPJuniper

2. Specify the updated attack object definition as the attack description. Obtain the predefined attack objects from the following file on your system: /var/db/idpd/sec-download/SignatureUpdate.xml. Use standard UNIX commands to copy the XML string of the FTP:USER:ROOT attack from the signature update file and update the XML definitions. Add the updated definition as the attack description in the following statement:

   user@host#

   set security idp custom-attack FTPJuniper attack-description
   <Entry><Name>FTP:USER:JUNIPER</Name><DisplayName>FTP: “Juniper”Account Login </DisplayName
   <Severity>Medium</Severity><Category>FTP</Category><Keywords />
   <Recommended>false</Recommended><Description>This signature detects attempts to login to an FTP server using the "JUNIPER" account. 
   This can indicate an attacker trying to gain special access, or it can indicate poor security practices.
   FTP typically uses plain-text passwords, and using the root account to FTP could expose sensitive data over the network
   </Description><Extended></Extended><Attacks><Type>signature</Type>
   <FalsePositives>unknown</FalsePositives><Service />
   <TimeBinding><Scope>session</Scope><Count>1</Count></TimeBinding>
   <Direction>CTS</Direction><Flow>control</Flow><Post /><Application />
   <Context>ftp-username</Context><Negate>false</Negate>
   <Pattern><![CDATA[\[root\]]]></Pattern></Attack></Entry>
   

3. If you are finished configuring the router, commit the configuration.
4. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the JUNOS Software CLI Reference.