Pages

Sunday, July 24, 2016

Juniper IDP via NMS



IDP 8200 using NMS (Network and Security Manager) software



Directly domain block by above method.. must add those to any policy like IIG-Policy,VC, URL Block and also update device(idp8200)


*** Filter by Custom attack...  and must add those to any policy like IIG-Policy,VC, URL Block and also update device(idp8200)

 IDP Object: +
name: BTRC-www.xyz.com
Description: www.xyz.com/collections/4212847/BDR-Mutiny
Severity: major
Category: HTTP
Keywords: collections 4212847 BDR-Mutiny

 Attach Versions: +
    tik mark:
idp-5.1.0
idp-5.1.110120907
idp-5.1.110121210
type: Compund Attack -> Next

 Protocol Type: Service
Service: http (predefined) -> Next

 Scope: Transaction
 Boolean Expression: m01 AND m02
 +
 signature
Member Name: m01
pattern: \[(.*\.)?xyz\.com\]

Context: HTTP : HTTP Header Host (predefined)
Direction: Client to Server
ok
 +
  Member Name: m02
pattern: \[/collections/4212847/BDR-Mutiny\]

Context: HTTP : HTTP URL Parsed (predefined)
Direction: Client to Server

Finish






No comments:

Post a Comment