SRX

Expand all | Collapse all

Is there any other way to see the IDP signature protected?

Jump to Best Answer
  • 1.  Is there any other way to see the IDP signature protected?

    Posted 05-07-2018 06:04

    Hi all,

     

    Can someone advise me if have any other method can see pattern detail that protected ad per below output?

     

     

    srx5600> show security idp attack detail HTTP:APACHE:HTTPD-MOD-CACHE-DOS
    Display Name: HTTP: Apache HttpD Mod Cache SoCache Denial of Service
    Severity: Minor
    Category: HTTP
    Recommended: true
    Recommended Action: Drop
    Type: signature
    Direction: CTS
    False Positives: unknown
    Shellcode: no
    Flow: control
    Context: http-header
    Negate: false
    TimeBinding:
            Scope: none
            Count: 1
    Hidden Pattern: True
    Pattern: Protected

     

     

    thanks.



  • 2.  RE: Is there any other way to see the IDP signature protected?

    Posted 05-07-2018 18:50

    Hi,

    The protected pattern can not be seen. Please see the KB for more details:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB25261&cat=IDP_OS&actp=LIST

     



  • 3.  RE: Is there any other way to see the IDP signature protected?

    Posted 05-07-2018 23:54

    Hi Nellika,

     

    If i open JTAC, is it possible JTAC will share the pattern info to partner?

     

    Thanks.



  • 4.  RE: Is there any other way to see the IDP signature protected?
    Best Answer

     
    Posted 05-10-2018 02:22

    No, JTAC cannot share this information since this is proprietory.

     

    Anand



  • 5.  RE: Is there any other way to see the IDP signature protected?

     
    Posted 05-10-2018 03:15

    If you are experiencing a false positive hit with your application on this signature, I would open a JTAC case to investigate.  They can help with that type of issue.

     



  • 6.  RE: Is there any other way to see the IDP signature protected?

    Posted 05-11-2018 02:19

    Hi all,

     

    Thanks for the feedback