JUNIPER-JS-SCREENING-MIB Download

jnxJsScreenMonTable

Juniper security Firewall can allow DI protection on each of the device's physical interface. This table collects the screen attributes that monitor the various attacks. The screen options can be enabled at security zone bounded to a interface or interfac ...

jnxJsScreenMonEntry

The screen option monitoring statistics entry. Each entry is uniquely identified by the zone name. The data is collected on a per zone basis. There can be multiple interfaces bound to a particular zones. Hence, the statistics are aggregated across the i ...

jnxJsScreenNumOfIf

Number of interfaces bound to this zone. Each counter contains the aggregated data of all the interfaces

jnxJsScreenMonSynAttk

The SYN (TCP connection request) attack is a common denial of service (DoS) technique characterized by the following pattern: - Using a spoofed IP address not in use on the Internet, an attacker sends multiple SYN packets to the target machine. - For each ...

jnxJsScreenMonTearDrop

Teardrop attacks exploit the reassembly of fragmented IP packets. In the IP header, one of the fields is the fragment offset field, which indicates one of the fields is the fragment offset field. It indicates the starting position of the data contained i ...

jnxJsScreenMonSrcRoute

IP source route options can be used to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose or strict source route options set or detect ...

jnxJsScreenMonPingDeath

The maximum allowable IP packet size is 65,535 bytes, including the packet header (typically 20 bytes long). An ICMP echo request is an IP packet with a pseudo header, which is 8 bytes long. Therefore, the maximum allowable size of the data area of an ICM ...

jnxJsScreenMonAddrSpoof

One method to gain access to a restricted network is to insert a bogus source address in the packet header to make the packet appear to come from a trusted source. This technique is called IP spoofing. The mechanism to detect IP spoofing relies on route t ...

jnxJsScreenMonLand

A combined SYN attack with IP spoof is referred to as Land attack. A Land attack occurs when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address. The receiving system responds by sen ...

jnxJsScreenMonIcmpFlood

An ICMP flood typically occurs when ICMP echo requests overload its victim with so many requests that it expends all its resources responding until it can no longer process valid network traffic. With the ICMP flood protection feature enabled, and a thres ...

jnxJsScreenMonUdpFlood

UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. With the UDP flood protection feature enabled, a threshold can be set w ...

jnxJsScreenMonWinnuke

WinNuke is a DoS attack targeting any computer on the internet running Windows. The attacker sends a TCP segment, usually to NetBIOS port 139 with the urgent (URG) flag set, to a host with an established connection. This introduces a NetBIOS fragment ove ...

jnxJsScreenMonPortScan

A port scan occurs when one source IP address sends IP packets containing TCP SYN segments to a defined number of different ports at the same destination IP address within a defined interval. The purpose of this attack is to scan the available services in ...

jnxJsScreenMonIpSweep

An address sweep occurs when one source IP address sends a defined number of ICMP packets to different hosts within a defined interval. The purpose of this attack is to send ICMP packets, typically echo requests, to various hosts in the hope that at least ...

jnxJsScreenMonSynFrag

IP encapsulates a TCP SYN segment in the IP packet that initiates a TCP connection. The purpose is to initiate a connection and to invoke a SYN/ACK segment response. The SYN segment typically does not contain any data since the IP packet is small and the ...

jnxJsScreenMonTcpNoFlag

A normal TCP segment header has at least one flag control set. A TCP segment with no control flags set is an anomalous event. Operating systems respond to such anomalies in different ways. The response, or even lack of response, from the targeted device c ...

jnxJsScreenMonIpUnknownProt

According to RFC 1700, some protocol types in IP header are reserved and unassigned at this time. Precisely because these protocols are undefined, there is no way to know in advance if a particular unknown protocol is benign or malicious. Unless your net ...

jnxJsScreenMonIpOptBad

IP protocol specifies a set of eight options that provide special routing controls, diagnostic tools, and security. These eight options can be used for malicious objectives. Either intentionally or accidentally, attackers sometimes misconfigure IP options ...

jnxJsScreenMonIpOptRecRt

The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear, they are frequently being put to some ...

jnxJsScreenMonIpOptTimestamp

The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear, they are frequently being put to some ...

jnxJsScreenMonIpOptSecurity

The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear, they are frequently being put to some ...

jnxJsScreenMonIpOptLSR

Attackers can use IP source route options to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose or strict source route options set or ...

jnxJsScreenMonIpOptSSR

Attackers can use IP source route options to hide their true address and access restricted areas of a network by specifying a different path. The security device should be able to either block any packets with loose or strict source route options set or ...

jnxJsScreenMonIpOptStream

The IP standard RFC 791 specifies a set of options to provide special routing controls, diagnostic tools, and security. These options appear after the destination address in an IP packet header. When they do appear, they are frequently being put to some ...

jnxJsScreenMonIcmpFrag

ICMP provides error reporting and network probe capabilities. ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something has gone amiss. Wi ...

jnxJsScreenMonIcmpLarge

ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is unusually large, something is wrong. For example, the Loki program uses ICMP as a channel for transmitting covert messages. The ...

jnxJsScreenMonTcpSynFin

Both the SYN and FIN control flags are not normally set in the same TCP segment header. The SYN flag synchronizes sequence numbers to initiate a TCP connection. The FIN flag indicates the end of data transmission to finish a TCP connection. Their purposes ...

jnxJsScreenMonTcpFinNoAck

A FIN scan sends TCP segments with the FIN flag set in an attempt to provoke a response and thereby discover an active host or an active port on a host. The use of TCP segments with the FIN flag set might evade detection and thereby help the attacker succ ...

jnxJsScreenMonLimitSessSrc

All the virus-generated traffic originates from the same IP address (generally from a infected server), a source-based session limit ensures that the firewall can curb such excessive amounts of traffic. Based on a threshold value, if the number of concur ...

jnxJsScreenMonLimitSessDest

The user can limit the number of concurrent sessions to the same destination IP address. A wily attacker can launch a distributed denial-of-service (DDoS) attack using 'zombie agents'. Setting a destination-based session limit can ensure that device all ...

jnxJsScreenMonSynAckAck

When an authentication user initiates a Telnet or FTP connection, the user sends a SYN segment to the Telnet or FTP server. The device intercepts the SYN segment, creates an entry in its session table, and proxies a SYN-ACK segment to the user. The user t ...

jnxJsScreenMonIpFrag

As packets travels, it is sometimes necessary to break a packet into smaller fragments based upon the maximum transmission unit (MTU) of each network. IP fragments might contain an attacker's attempt to exploit the vulnerabilities in the packet reassembly ...

jnxJsScreenSynAttackThresh

The number of SYN segments to the same destination address and port number per second required to activate the SYN proxying mechanism. In order to set the appropriate threshold value, it requires a through knowledge of the normal traffic patterns at site ...

jnxJsScreenSynAttackTimeout

The maximum length of time before a half-completed connection is dropped from the queue. The default is 20 seconds. This attributes display the SYN attack timeout value.

jnxJsScreenSynAttackAlmTh

The syn attack alarm threshold causes an alarm to be generated when the number of proxied, half-complete TCP connection requests per second requests to the same destination address and port number exceeds its value. This attribute display the SYN attack a ...

jnxJsScreenSynAttackQueSize

The number of proxied connection requests held in the proxied connection queue before the device starts rejecting new connection requests. This attribute displays the SYN attack queue size. This object has been deprecated.

jnxJsScreenSynAttackAgeTime

SYN flood age time. This object has been deprecated.

jnxJsScreenIcmpFloodThresh

ICMP flooding occurs when an attacker sends IP packets containing ICMP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. This attributes display the ICMP attack alarm threshold value.

jnxJsScreenUdpFloodThresh

UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the victim to the point that it can no longer handle valid connections. The default threshold value is 1000 packets per second. This attribute ...

jnxJsScreenPortScanThresh

The port scan threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host scans 10 ports in 0.005 seconds (5000 microseconds), the device flags th ...

jnxJsScreenIpSweepThresh

The IP sweep threshold interval is in microseconds. The default threshold value is 5000. The valid threshold range is 1000-1000000. By using the default settings, if a remote host sends ICMP traffic to 10 addresses in 0.005 seconds (5000 microseconds), ...

jnxJsScreenSynAckAckThres

SYN ack ack alarm threshold value.

jnxJsScreenMonThreshTable

This table is a read-only table that augments the jnxJsScreenMonTable. The purpose of this table is to keep threshold and counter information about Syn Flood and Session Limit.

jnxJsScreenMonThreshEntry

Syn Flood and Session Limit thresholds and counts.

jnxJsScreenSynFloodSrcThresh

The number of SYN segments received per second from a single source IP - regardless of the destination IP address and port number - before the security device begins dropping connection requests from that source.

jnxJsScreenSynFloodDstThresh

The number of SYN segments received per second from a single destination IP address before the security device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based on ...

jnxJsScreenSessLimitSrcThresh

The security device can impose a limit on the number of SYN segments permitted from a single source IP address.

jnxJsScreenSessLimitDstThresh

The security device can impose a limit on the number of SYN segments permitted to a single destination IP address.

jnxJsScreenMonSynFloodSrc

The number of concurrent sessions from the same source IP address.

jnxJsScreenMonSynFloodDst

The number of concurrent sessions to the same destination IP address.

jnxJsScreenAttackType

The type of attacks that the device support.

jnxJsScreenAttackCounter

The threshold value that triggers the trap to be generated.

jnxJsScreenAttackDescr

The description pertinent to the attack trap.

jnxJsScreenCfgStatus

The screening option configuration status: enabled or disabled.