Understanding IDP Protocol Anomaly-Based Attacks
A protocol anomaly attack object detects unknown or sophisticated attacks that violate protocol specifications (RFCs and common RFC extensions). You cannot create new protocol anomalies, but you can configure a new attack object that controls how your device handles a predefined protocol anomaly when it is detected.
The following properties are specific to protocol anomaly attacks:
- Attack direction
- Test condition
When configuring protocol anomaly-based attacks, keep the following in mind:
- The service or application binding is a mandatory field for protocol anomaly attacks. Besides the supported applications, services also include IP, TCP, UDP, ICMP, and RPC.
- The attack direction and test condition properties are mandatory fields for configuring anomaly attack definitions.
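The following Junos CLI fragment is an added illustration, not taken from this page. It shows the three mandatory fields (service binding, attack direction, test condition) set on one custom attack object. The object name `anomaly-example` is hypothetical, and `OPTIONS_UNSUPPORTED` is assumed to be one of the predefined anomaly names available for the TCP service on your device; check the installed list before using it.

```junos
# Added example: custom attack object wrapping a predefined protocol anomaly.
# "anomaly-example" is a hypothetical object name.
set security idp custom-attack anomaly-example severity info

# Mandatory: service or application binding (here the TCP service).
set security idp custom-attack anomaly-example attack-type anomaly service TCP

# Mandatory: test condition, i.e. the predefined anomaly to match.
# OPTIONS_UNSUPPORTED is assumed to exist in the installed anomaly list.
set security idp custom-attack anomaly-example attack-type anomaly test OPTIONS_UNSUPPORTED

# Mandatory: attack direction (any, client-to-server, or server-to-client).
set security idp custom-attack anomaly-example attack-type anomaly direction any
```

The object only takes effect once an IDP policy rule references it.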