  • IP fragment overlap.
  • IP fragment missed.
  • IP fragment length error.
  • IP packet length greater than 65,535 bytes (64 KB), the IPv4 maximum.
  • Tiny fragment attack.
• TCP anomalies:
  • TCP port 0.
  • TCP sequence number 0 and flags 0.
  • TCP sequence number 0 and FIN/PSH/RST flags set.
  • Invalid TCP flag combination (FIN and RST set together, or SYN set together with URG, FIN, or RST).
  • Bad TCP checksum.
• UDP anomalies:
  • UDP source or destination port 0.
  • UDP header length check failed.
  • Bad UDP checksum.
• Anomalies found through stateful TCP or UDP checks:
  • SYN followed by SYN-ACK packets without ACK from initiator.
  • SYN followed by RST packets.
  • SYN without SYN-ACK.
  • Non-SYN first flow packet.
  • ICMP unreachable errors for SYN packets.
  • ICMP unreachable errors for UDP packets.
  • Packets dropped according to stateful firewall rules.
NOTE: ACX500 routers do not support detection of IP fragmentation anomalies.
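As an added example (written for this page, not Junos IDS code), the following Python implements the stateless TCP/UDP header checks and the stateful handshake checks listed above and runs them over a constructed packet stream. It assumes IPv4 packets without options, treats a zero UDP checksum as "not computed" per the IPv4 UDP convention, and uses an assumed 3-second handshake timeout to report half-open flows; the IP fragment and ICMP checks are not implemented.

```python
import struct
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
TCP, UDP = 6, 17

def l4_checksum(proto, src, dst, seg):
    """RFC 1071 sum over the IPv4 pseudo-header plus the TCP/UDP segment; 0 means valid."""
    data = src + dst + struct.pack("!BBH", 0, proto, len(seg)) + seg
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(proto, src, dst, sport, dport, flags=0, seq=1, ulen=None, corrupt=False):
    """Constructed test packet: minimal IPv4 header plus a TCP/UDP header, no payload."""
    hdr = (lambda c: struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, c, 0)
           if proto == TCP else struct.pack("!HHHH", sport, dport, 8 if ulen is None else ulen, c))
    csum = (l4_checksum(proto, src, dst, hdr(0)) or 0xFFFF) ^ (0x00FF if corrupt else 0)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(hdr(0)), 0, 0, 64, proto, 0, src, dst) + hdr(csum)

def parse(raw):
    proto, src, dst, seg = raw[9], raw[12:16], raw[16:20], raw[(raw[0] & 0x0F) * 4:]
    pkt = {"proto": proto, "src": src, "dst": dst, "seglen": len(seg),
           "csum_ok": l4_checksum(proto, src, dst, seg) == 0}
    if proto == TCP:
        sport, dport, seq, _, off_flags = struct.unpack("!HHIIH", seg[:14])
        pkt.update(sport=sport, dport=dport, seq=seq, flags=off_flags & 0x3F)
    else:
        sport, dport, ulen, csum = struct.unpack("!HHHH", seg[:8])
        pkt.update(sport=sport, dport=dport, ulen=ulen)
        pkt["csum_ok"] = pkt["csum_ok"] or csum == 0      # IPv4 UDP may omit the checksum
    return pkt

def stateless_anomalies(pkt):
    """Per-packet checks matching the TCP and UDP anomaly lists."""
    rules = [(pkt["sport"] == 0 or pkt["dport"] == 0, "port 0"), (not pkt["csum_ok"], "bad checksum")]
    if pkt["proto"] == TCP:
        f, seq0 = pkt["flags"], pkt["seq"] == 0
        rules += [(seq0 and f == 0, "seq 0 and flags 0"),
                  (seq0 and f & (FIN | PSH | RST), "seq 0 with FIN/PSH/RST"),
                  (f & FIN and f & RST, "FIN/RST"),
                  (f & SYN and f & (URG | FIN | RST), "SYN with URG/FIN/RST")]
    else:
        rules.append((pkt["ulen"] < 8 or pkt["ulen"] > pkt["seglen"], "UDP length check failed"))
    return [label for cond, label in rules if cond]

class FlowTracker:
    """Stateful TCP handshake tracking; half-open flows are reported on timeout (assumed 3 s)."""
    HALF_OPEN = {"SYN_SENT": "SYN without SYN-ACK", "SYN_RECEIVED": "SYN/SYN-ACK without ACK from initiator"}
    def __init__(self, handshake_timeout=3.0):
        self.timeout, self.flows = handshake_timeout, {}   # key -> [state, initiator, last_seen]
    def feed(self, pkt, now):
        if pkt["proto"] != TCP:
            return []
        a, b, f = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"]), pkt["flags"]
        key = tuple(sorted((a, b)))                         # direction-independent flow key
        flow = self.flows.setdefault(key, [None, a, now])
        state, initiator, flow[2] = flow[0], flow[1], now
        if state is None:                                   # first packet seen for this flow
            flow[0] = "SYN_SENT" if f & SYN and not f & ACK else "UNKNOWN"
            return [] if flow[0] == "SYN_SENT" else ["non-SYN first flow packet"]
        if state == "SYN_SENT" and a != initiator and f & RST:
            del self.flows[key]
            return ["SYN followed by RST"]
        if state == "SYN_SENT" and a != initiator and f & SYN and f & ACK:
            flow[0] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and a == initiator and f & ACK and not f & SYN:
            flow[0] = "ESTABLISHED"
        return []

    def expire(self, now):
        found = []                                          # handshakes that never completed
        for key, (state, _, last) in list(self.flows.items()):
            if now - last >= self.timeout and state in self.HALF_OPEN:
                found.append(self.HALF_OPEN[state])
                del self.flows[key]
        return found

def run_demo():
    """Run a constructed packet stream through both check sets; returns {label: anomalies}."""
    A, B, C = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes([10, 0, 0, 3])
    stream = [  # (label, packet, capture time in seconds)
        ("ok-syn", build(TCP, A, B, 40000, 80, SYN), 0.0),
        ("ok-synack", build(TCP, B, A, 80, 40000, SYN | ACK), 0.1),
        ("ok-ack", build(TCP, A, B, 40000, 80, ACK), 0.2),
        ("xmas-syn", build(TCP, A, B, 40001, 22, SYN | FIN | URG), 0.3),
        ("rst-reply", build(TCP, B, A, 22, 40001, RST | ACK), 0.4),
        ("short-udp", build(UDP, A, B, 5000, 53, ulen=4), 0.6),
        ("bad-csum", build(TCP, A, C, 40002, 443, ACK, corrupt=True), 0.7),
        ("null-scan", build(TCP, A, B, 40003, 25, 0, seq=0), 0.8),
        ("half-open", build(TCP, A, C, 40004, 80, SYN), 0.9),
        ("no-final-ack", build(TCP, A, C, 40005, 80, SYN), 1.0),
        ("no-final-ack-reply", build(TCP, C, A, 80, 40005, SYN | ACK), 1.1),
    ]
    tracker, report = FlowTracker(), {}
    for label, raw, ts in stream:
        pkt = parse(raw)
        report[label] = stateless_anomalies(pkt) + tracker.feed(pkt, ts)
    report["expired"] = tracker.expire(10.0)               # well past the handshake timeout
    return report
```

`run_demo()` returns one entry per constructed packet; the normal three-way handshake produces no findings, while the flag-combination, length and checksum checks fire per packet and the half-open handshakes only surface when `expire()` runs after the timeout. Two points carry over to any real deployment: the flow key must be direction-independent (as `sorted((a, b))` does here) or the SYN-ACK is seen as a new non-SYN flow, and the flow table must be bounded, otherwise the tracker itself is the easiest SYN-flood victim.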
If you employ stateful anomaly detection in conjunction with stateless detection, IDS
can provide early warning for a wide range of attacks, including these:
• TCP or UDP network probes and port scanning
• SYN flood attacks
• IP fragmentation-based attacks such as teardrop, bonk, and boink
Copyright © 2017, Juniper Networks, Inc. 1022
ACX Series Universal Access Router Configuration Guide