Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  SRX Firewall IPS Signature Demonstration

    Posted 10-04-2021 10:51
    I am using an SRX320 with IPS. I need to demonstrate an IPS signature trigger by traffic/access simulation. I am trying SQL injection by web access, but it doesn't seem to work. What's the easiest way to demonstrate any IPS signature?

    ------------------------------
    Avil Tauro
    ------------------------------


  • 2.  RE: SRX Firewall IPS Signature Demonstration

     
    Posted 10-04-2021 13:27

    Hi, 

    One of the easiest signatures to trigger is IP:EXPLOIT:SAME-SRC-DST.

    You can use hping to spoof the src IP to be the same as the dst IP, which will trigger this signature.

    Other potential signatures are the HTTP-based HTTP:EXPLOIT:BRUTE-FORCE and HTTP:PHP:WP-BRUTE-FORCE-LOGIN.
    This requires having an HTTP server, and WordPress for the second one. Note that HTTP:EXPLOIT:BRUTE-FORCE does not result in a blocking action.

    For brute-force attacks you can use tools like hydra, or wpscan for WordPress.

    HTH.

    Ashvin



    ------------------------------
    Ashvin
    ------------------------------



  • 3.  RE: SRX Firewall IPS Signature Demonstration

    Posted 10-05-2021 05:18
    I have the web server running and HTTP allowed, and I am appending the following to the URL, but I don't see any logs getting generated. Could you share the policy for IPS to trigger alerts?

    get_int_filtered.php?id=1
    get_int_groupby.php?id=1
    get_int_having.php?id=1
    get_int_img.php?id=1
    get_int_inline.php?id=SELECT+name+FROM+users

    ------------------------------
    Avil Tauro
    ------------------------------



  • 4.  RE: SRX Firewall IPS Signature Demonstration

    Posted 11-28-2021 05:42
    Any Juniper experts to provide me a resolution as to why the SQL injection signature does not trigger alerts?

    ------------------------------
    Avil Tauro
    ------------------------------