jnxJsScreenMonAddrSpoof
JUNIPER-JS-SCREENING-MIB ·
.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.7
Object
column
SNMPv2-SMICounter64
One method to gain access to a restricted network is to insert
a bogus source address in the packet header to make the packet
appear to come from a trusted source. This technique is called
IP spoofing. The mechanism to detect IP spoofing relies on
route table entries.
For example, if a packet with source IP address 10.1.1.6 arrives
at port eth3, but the device has a route to 10.1.1.0/24 through
port eth1. IP spoofing checking notes that this address arrived
at an invalid interface as defined in the route table. A valid
packet from 10.1.1.6 can only arrive via eth1, not eth3. The
device concludes that the packet has a spoofed source IP address
and discards it.
This attribute records the address spoofing attack packets.
Context
- MIB
- JUNIPER-JS-SCREENING-MIB
- OID
.1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.7- Type
- column
- Access
- readonly
- Status
- current
- Parent
- jnxJsScreenMonEntry
- Table
- jnxJsScreenMonTable
- Siblings
- 63
Syntax
SNMPv2-SMICounter64
- Source
- SNMPv2-SMICounter64
- Base type
Unsigned64
Values & Constraints
Type Constraints
range: 0..18446744073709551615
Related Objects
Sibling Objects
| Object | Type | Syntax | OID |
|---|---|---|---|
| jnxJsScreenZoneName The name of the security zone under which the statistics
are collected. | column | OctetString | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.1 |
| jnxJsScreenMonUdpFlood UDP flooding occurs when an attacker sends IP packets containing
UDP datagrams with the purpose of slowing down the victim to the
point that it can no longer handle valid connect… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.10 |
| jnxJsScreenMonWinnuke WinNuke is a DoS attack targeting any computer on the internet
running Windows. The attacker sends a TCP segment, usually to
NetBIOS port 139 with the urgent (URG) flag set, to… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.11 |
| jnxJsScreenMonPortScan A port scan occurs when one source IP address sends IP packets
containing TCP SYN segments to a defined number of different
ports at the same destination IP address within a def… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.12 |
| jnxJsScreenMonIpSweep An address sweep occurs when one source IP address sends a
defined number of ICMP packets to different hosts within a
defined interval. The purpose of this attack is to send ICM… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.13 |
| jnxJsScreenMonSynFrag IP encapsulates a TCP SYN segment in the IP packet that initiates
a TCP connection. The purpose is to initiate a connection and to
invoke a SYN/ACK segment response. The SYN se… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.14 |
| jnxJsScreenMonTcpNoFlag A normal TCP segment header has at least one flag control set.
A TCP segment with no control flags set is an anomalous event.
Operating systems respond to such anomalies in dif… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.15 |
| jnxJsScreenMonIpUnknownProt According to RFC 1700, some protocol types in IP header are
reserved and unassigned at this time. Precisely because these
protocols are undefined, there is no way to know in adv… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.16 |
| jnxJsScreenMonIpOptBad IP protocol specifies a set of eight options that provide
special routing controls, diagnostic tools, and security.
These eight options can be used for malicious objectives.
… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.17 |
| jnxJsScreenMonIpOptRecRt The IP standard RFC 791 specifies a set of options to provide
special routing controls, diagnostic tools, and security.
These options appear after the destination address in an … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.18 |
| jnxJsScreenMonIpOptTimestamp The IP standard RFC 791 specifies a set of options to provide
special routing controls, diagnostic tools, and security.
These options appear after the destination address in an … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.19 |
| jnxJsScreenNumOfIf Number of interfaces bound to this zone. Each counter
contains the aggregated data of all the interfaces | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.2 |
| jnxJsScreenMonIpOptSecurity The IP standard RFC 791 specifies a set of options to provide
special routing controls, diagnostic tools, and security.
These options appear after the destination address in an … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.20 |
| jnxJsScreenMonIpOptLSR Attackers can use IP source route options to hide their true
address and access restricted areas of a network by specifying
a different path. The security device should be able… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.21 |
| jnxJsScreenMonIpOptSSR Attackers can use IP source route options to hide their true
address and access restricted areas of a network by specifying
a different path. The security device should be able… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.22 |
| jnxJsScreenMonIpOptStream The IP standard RFC 791 specifies a set of options to provide
special routing controls, diagnostic tools, and security.
These options appear after the destination address in an … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.23 |
| jnxJsScreenMonIcmpFrag ICMP provides error reporting and network probe capabilities.
ICMP packets contain very short messages, there is no legitimate
reason for ICMP packets to be fragmented. If an IC… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.24 |
| jnxJsScreenMonIcmpLarge ICMP packets contain very short messages, there is no legitimate
reason for ICMP packets to be fragmented.
If an ICMP packet is unusually large, something is wron… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.25 |
| jnxJsScreenMonTcpSynFin Both the SYN and FIN control flags are not normally set in the
same TCP segment header. The SYN flag synchronizes sequence
numbers to initiate a TCP connection. The FIN flag ind… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.26 |
| jnxJsScreenMonTcpFinNoAck A FIN scan sends TCP segments with the FIN flag set in an
attempt to provoke a response and thereby discover an active
host or an active port on a host. The use of TCP segments … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.27 |
| jnxJsScreenMonLimitSessSrc All the virus-generated traffic originates from the same IP
address (generally from a infected server), a source-based
session limit ensures that the firewall can curb such
exc… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.28 |
| jnxJsScreenMonLimitSessDest The user can limit the number of concurrent sessions
to the same destination IP address. A wily attacker can
launch a distributed denial-of-service (DDoS) attack using
'zombie … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.29 |
| jnxJsScreenMonSynAttk The SYN (TCP connection request) attack is a common denial
of service (DoS) technique characterized by the following
pattern:
- Using a spoofed IP address not in use on the Inte… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.3 |
| jnxJsScreenMonSynAckAck When an authentication user initiates a Telnet or FTP connection,
the user sends a SYN segment to the Telnet or FTP server. The
device intercepts the SYN segment, creates an ent… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.30 |
| jnxJsScreenMonIpFrag As packets travels, it is sometimes necessary to break a packet
into smaller fragments based upon the maximum transmission unit
(MTU) of each network. IP fragments might contain… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.31 |
| jnxJsScreenSynAttackThresh The number of SYN segments to the same destination address
and port number per second required to activate the SYN proxying
mechanism. In order to set the appropriate threshold … | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.32 |
| jnxJsScreenSynAttackTimeout The maximum length of time before a half-completed connection is
dropped from the queue. The default is 20 seconds.
This attributes display the SYN attack timeout … | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.33 |
| jnxJsScreenSynAttackAlmTh The syn attack alarm threshold causes an alarm to be generated when
the number of proxied, half-complete TCP connection requests per
second requests to the same destination addr… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.34 |
| jnxJsScreenSynAttackQueSize deprecated The number of proxied connection requests held in the proxied
connection queue before the device starts rejecting new connection
requests.
This attribute displays… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.35 |
| jnxJsScreenSynAttackAgeTime deprecated SYN flood age time.
This object has been deprecated. | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.36 |
| jnxJsScreenIcmpFloodThresh ICMP flooding occurs when an attacker sends IP packets containing
ICMP datagrams with the purpose of slowing down the victim to the
point that it can no longer handle valid conn… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.37 |
| jnxJsScreenUdpFloodThresh UDP flooding occurs when an attacker sends IP packets containing
UDP datagrams with the purpose of slowing down the victim to the
point that it can no longer handle valid connec… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.38 |
| jnxJsScreenPortScanThresh The port scan threshold interval is in microseconds. The default
threshold value is 5000. The valid threshold range is 1000-1000000.
By using the default settin… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.39 |
| jnxJsScreenMonTearDrop Teardrop attacks exploit the reassembly of fragmented IP
packets. In the IP header, one of the fields is the fragment
offset field, which indicates one of the fields is the frag… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.4 |
| jnxJsScreenIpSweepThresh The IP sweep threshold interval is in microseconds. The default
threshold value is 5000. The valid threshold range is 1000-1000000.
By using the default setting… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.40 |
| jnxJsScreenSynAckAckThres SYN ack ack alarm threshold value. | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.41 |
| jnxJsScreenMonIpv6ExtHdr In one IPv6 packet, one or more extension headers may appear before
the encapsulated payload after the mandatory header. User can screen
any one or several extension headers.
… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.42 |
| jnxJsScreenMonIpv6HopOpt In one IPv6 hop by hop option extension header, it carries a variable
number options. User can screen any one or several options.
When the hop by hop option screen … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.43 |
| jnxJsScreenMonIpv6DstOpt In one IPv6 destination option extension header, it carries a variable
number options. User can screen any one or several options.
When the destination option scree… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.44 |
| jnxJsScreenMonIpv6ExtLimit In one IPv6 packet, one or more extension headers may appear before
the encapsulated payload. User can screen IPv6 packets if their extension
header number is larger than one limi… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.45 |
| jnxJsScreenMonIpMalIpv6 One IPv6 packets may contain malformed header, the device tries to block
these packets to protect downstream devices.
When the malformed IPv6 screen is enabled, the… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.46 |
| jnxJsScreenMonIcmpMalIcmpv6 One ICMPv6 packets may contain malformed content, the device tries to block
these packets to protect downstream devices.
When the malformed ICMPv6 screen is enabled… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.47 |
| jnxJsScreenIpv6ExtNumLim IPv6 extension header number limit value. | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.48 |
| jnxJsScreenUdpPortScanThresh The UDP port scan threshold interval is in microseconds. The default
threshold value is 5000. The valid threshold range is 1000-1000000.
By using the default se… | column | SNMPv2-SMIInteger32 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.49 |
| jnxJsScreenMonSrcRoute IP source route options can be used to hide their true address
and access restricted areas of a network by specifying a
different path. The security device should be able to eit… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.5 |
| jnxJsScreenMonUdpPortScan A UDP port scan occurs when one source IP address sends UDP packets
to a defined number of different ports at the same destination
IP address within a defined interval. The purpo… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.50 |
| jnxJsScreenMonIpTunnelGre6in4 When an IP GRE 6in4 Tunnel packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records the I… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.51 |
| jnxJsScreenMonIpTunnelGre4in6 When an IP GRE 4in6 Tunnel packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records the I… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.52 |
| jnxJsScreenMonIpTunnelGre6in6 When an IP GRE 6in6 Tunnel packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records the I… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.53 |
| jnxJsScreenMonIpTunnelGre4in4 When an IP GRE 4in4 Tunnel packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records the I… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.54 |
| jnxJsScreenMonIpTunnelIpInUdpTeredo When an IPinUDP Teredo Tunnel packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records th… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.55 |
| jnxJsScreenMonIpTunnelBadInnerHeader When an IP Tunnel Bad Inner Header packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute recor… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.56 |
| jnxJsScreenMonIpTunnelIpIp6to4relay When an IP Tunnel IPinIP 6to4 relay packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute reco… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.57 |
| jnxJsScreenMonIpTunnelIpIp6in4 When an IP Tunnel IPinIP 6in4 packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records th… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.58 |
| jnxJsScreenMonIpTunnelIpIp6over4 When an IP Tunnel IPinIP 6over4 packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.59 |
| jnxJsScreenMonPingDeath The maximum allowable IP packet size is 65,535 bytes,
including the packet header (typically 20 bytes long).
An ICMP echo request is an IP packet with a pseudo header,
which is… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.6 |
| jnxJsScreenMonIpTunnelIpIp4in6 When an IP Tunnel IPinIP 4in6 packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records th… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.60 |
| jnxJsScreenMonIpTunnelIpIp4in4 When an IP Tunnel IPinIP 4in4 packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records th… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.61 |
| jnxJsScreenMonIpTunnelIpIp6in6 When an IP Tunnel IPinIP 6in6 packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records th… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.62 |
| jnxJsScreenMonIpTunnelIpIpIsatap When an IP Tunnel IPinIP ISATAP packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records … | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.63 |
| jnxJsScreenMonIpTunnelIpIpDsLite When an IP Tunnel IPinIP DS-Lite packet meets the attack criteria
specified by current configuration, it will be counted in this
statisitic.
This attribute records… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.64 |
| jnxJsScreenMonLand A combined SYN attack with IP spoof is referred to as
Land attack. A Land attack occurs when an attacker sends
spoofed SYN packets containing the IP address of the victim as
b… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.8 |
| jnxJsScreenMonIcmpFlood An ICMP flood typically occurs when ICMP echo requests overload
its victim with so many requests that it expends all its
resources responding until it can no longer process vali… | column | SNMPv2-SMICounter64 | .1.3.6.1.4.1.2636.3.39.1.8.1.1.1.1.9 |