Juniper Networks IDP Series

Stateful signature The IDP rulebase attack object signatures are bound to protocol context. As a result, this detection method produces few false positives. Protocol anomaly The IDP rulebase attack objects detect protocol usages that violate published RFCs. This method protects your network from undiscovered vulnerabilities. Traffic anomaly The Traffic Anomalies rulebase uses heuristic rules to detect unexpected traffic patterns that might indicate reconnaissance or attacks. This method blocks distributed denial-of-service (DDoS) attacks and prevents reconnaissance activities. Backdoor The Backdoor rulebase uses heuristic-based anomalous traffic patterns and packet analysis to detect Trojans and rootkits. These methods prevent proliferation of malware in case other security measures have been compromised. IP spoofing The IDP appliance checks the validity of allowed addresses inside and outside the network, permitting only authentic traffic and blocking traffic with a disguised source. Layer 2 attacks The IDP appliance prevents Layer 2 attacks using rules for Address Resolution Protocol (ARP) tables, fragment handling, connection timeouts, and byte/length thresholds for packets. These methods prevent a compromised host from polluting an internal network using methods such as ARP cache poisoning. Denial of service (DoS) The SYN Protector rulebase provides two, alternative methods to prevent SYN-flood attacks. Network honeypot The IDP appliance impersonates vulnerable ports so you can track attacker reconnaissance activity.