Juniper Netscreen¶
Constructor : Juniper¶
Device : Netscreen¶
Theoretical injector performance¶
9956 EPS
Log format : FIrewall Traffic¶
Standard Structure of a traffic log message :
PFIRN102: NetScreen device_id=SPFIRN102 [Root]system-notification-00257(traffic): start_time=\"2016-01-28 05:12:31\" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.210.93.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.210.93.8 port=80 session_id=231854 reason=Close
| Constructor field | LMC field |
|---|---|
| Device Model | [obs][host][name] |
| Device Serial Number | [netscreen][device_id] |
| Severity Level | [alarm][sev] |
| Type ID | [netscreen][type_id] |
| Type | [type] |
| Start Time | [obs][ts] |
| Duration | [session][duration] |
| Traffic Policy | [netscreen][policy_id] |
| Service | [netscreen][service] |
| Protocol Number | [app][proto][id] |
| Source Zone | [netscreen][src_zone] |
| Destination Zone | [netscreen][dst_zone] |
| Policy Action | [action] |
| Bytes Sent | [session][out][byte] |
| Bytes Received | [session][in][byte] |
| Source IP Address | [init][host][ip] |
| Destination IP Address | [target][host][ip] |
| Source Port | [init][host][port] |
| Destination Port | [target][host][port] |
| Source NAT IP Address | [init][nat][host][ip] |
| Destination NAT IP | [target][nat][host][ip] |
| Source NAT Port | [init][host][nat][port] |
| Destination NAT Port | [target][host][nat][port] |
| session_id | [session][id] |
| session_reason | [netscreen][session_reason] |
exemple : version 6 SN103: NetScreen device_id=SN103 [Root]system-notification-00257(traffic): start_time=\"2016-01-28 05:12:31\" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.200.90.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.200.91.2 port=80 session_id=231854 reason=Close version 4 ns204: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): start_time= duration=0 policy id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=16384 src=21.10.90.125 dst=23.16.1.1
Unit Test¶
unit_traffic_permit.json unit_traffic_deny.json unit_traffic_tunnel.json
Log format : Idp¶
| Constructor field | LMC field |
|---|---|
| Log ID | not used |
| Time Received | [rep][ts] |
| Alert | [netscreen][alert] |
| Src Addr | [init][host][ip] |
| Dst Addr | [target][host][ip] |
| Action | [action] |
| Protocol | [app][proto][name] |
| Dst Port | [target][host][port] |
| Rule # | [rule][id] |
| Nat Src Addr | [init][nat][host][ip] |
| Nat Dst Addr | [target][nat][host][ip] |
| Details | [netscreen][misc] |
| Category | [netscreen][category] |
| Subcategory | [netscreen][attack] |
| Severity | [alarm][sev] |
| Device | [init][usr][name] |
| Comment | [session][out][byte] |
| Application Name | [app][name] |
| Bytes In | [session][in][byte] |
| Bytes Out | [session][out][byte] |
| Bytes Total | not used |
| Domain | [init][usr][domain] |
| Device family | not used |
| Dst Intf | [netscreen][outbound_interface] |
| Dst Zone | [netscreen][destination_zone] |
| Elapsed Secs | [session][duration] |
| Has Packet Data | not used |
| NAT Dst Port | [target][host][nat][port] |
| NAT Src Port | [init][host][nat][port] |
| Packets In | [session][in][packet] |
| Packets Out | [session][out][packet] |
| Packets Total | not used |
| Policy | [netscreen][policy] |
| Roles | not used |
| Rule Domain | not used |
| Rule Domain Ver | not used |
| Rulebase | [rule][name] |
| Src Intf | [netscreen][inbound_interface] |
| Src Port | [init][host][port] |
| Src Zone | [netscreen][source_zone] |
| Time Generated | [obs][ts] |
| User | [init][usr][name] |
exemple : dayId=2006/10|/12 21:52:21 device_ip= attack= srcAddr= natSrcPort= dstAddr= natDstPort= policy= severity= outbytes= repCount= misc=
Unit Test¶
unit_idp.json