Juniper Netscreen
Constructor : Juniper
Device : Netscreen
Theoretical injector performance
9956 EPS
Log format : Firewall Traffic
Standard structure of a traffic log message:
PFIRN102: NetScreen device_id=SPFIRN102 [Root]system-notification-00257(traffic): start_time="2016-01-28 05:12:31" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.210.93.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.210.93.8 port=80 session_id=231854 reason=Close
Constructor field | LMC field |
---|---|
Device Model | [obs][host][name] |
Device Serial Number | [netscreen][device_id] |
Severity Level | [alarm][sev] |
Type ID | [netscreen][type_id] |
Type | [type] |
Start Time | [obs][ts] |
Duration | [session][duration] |
Traffic Policy | [netscreen][policy_id] |
Service | [netscreen][service] |
Protocol Number | [app][proto][id] |
Source Zone | [netscreen][src_zone] |
Destination Zone | [netscreen][dst_zone] |
Policy Action | [action] |
Bytes Sent | [session][out][byte] |
Bytes Received | [session][in][byte] |
Source IP Address | [init][host][ip] |
Destination IP Address | [target][host][ip] |
Source Port | [init][host][port] |
Destination Port | [target][host][port] |
Source NAT IP Address | [init][nat][host][ip] |
Destination NAT IP | [target][nat][host][ip] |
Source NAT Port | [init][host][nat][port] |
Destination NAT Port | [target][host][nat][port] |
session_id | [session][id] |
session_reason | [netscreen][session_reason] |
Example, version 6:
SN103: NetScreen device_id=SN103 [Root]system-notification-00257(traffic): start_time="2016-01-28 05:12:31" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.200.90.8 src_port=45731 dst_port=80 src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.200.91.2 port=80 session_id=231854 reason=Close
Example, version 4 (note the different key spellings, such as "policy id" and an empty start_time):
ns204: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): start_time= duration=0 policy id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 src zone=Null dst zone=self action=Deny sent=0 rcvd=16384 src=21.10.90.125 dst=23.16.1.1
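As an added example (not the page's own parser), the following Python maps a NetScreen traffic message onto the LMC field names of the table above. The header regular expression, the list of multi-word keys and the dotted field names (`init.host.ip` for `[init][host][ip]`) are assumptions built from the two sample messages on this page; the point it shows is that keys such as `src zone=`, `policy id=` and the repeated `port=` after each `-xlated ip=` defeat a naive split on spaces and `=`.

```python
import re
# Added example (not the page's own parser): map one NetScreen traffic message onto the LMC
# field names of the table above; dotted names stand in for the [init][host][ip] notation.
HEADER_RE = re.compile(
    r"^(?P<host>\S+): NetScreen device_id=(?P<device_id>\S+) "
    r"\[Root\]system-(?P<sev>[a-z]+)-(?P<type_id>\d+)\((?P<type>\w+)\):\s*(?P<body>.*)$")
# Keys holding a space or hyphen are rewritten to one token before tokenising, because values
# may hold spaces too ("service=msrpc Endpoint Mapper(tcp)"). "policy id" is the version 4 form.
MULTIWORD_KEYS = {"src zone": "src_zone", "dst zone": "dst_zone", "policy id": "policy_id",
                  "src-xlated ip": "src_xlated_ip", "dst-xlated ip": "dst_xlated_ip"}
# A value is a quoted string or runs until the next ' key=' token (or the end of the body).
KV_RE = re.compile(r'(?P<key>\S+?)=(?P<val>"[^"]*"|.*?)(?=\s+\S+=|$)')
FIELD_MAP = {  # normalised raw key -> LMC field, taken from the Firewall Traffic table above
    "host": "obs.host.name", "device_id": "netscreen.device_id", "sev": "alarm.sev",
    "type_id": "netscreen.type_id", "type": "type", "start_time": "obs.ts",
    "duration": "session.duration", "policy_id": "netscreen.policy_id", "proto": "app.proto.id",
    "service": "netscreen.service", "src_zone": "netscreen.src_zone", "action": "action",
    "dst_zone": "netscreen.dst_zone", "sent": "session.out.byte", "rcvd": "session.in.byte",
    "src": "init.host.ip", "dst": "target.host.ip", "src_port": "init.host.port",
    "dst_port": "target.host.port", "session_id": "session.id", "reason": "netscreen.session_reason",
    "src_xlated_ip": "init.nat.host.ip", "src_xlated_port": "init.host.nat.port",
    "dst_xlated_ip": "target.nat.host.ip", "dst_xlated_port": "target.host.nat.port"}

def parse_traffic_log(line: str) -> dict:
    """Return {lmc_field: value}; keys outside the table are dropped, a bad header raises."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a NetScreen traffic message")
    body = m.group("body")
    for raw, token in MULTIWORD_KEYS.items():
        body = body.replace(raw + "=", token + "=")
    fields = {k: m.group(k) for k in ("host", "device_id", "sev", "type_id", "type")}
    last_nat = None  # a bare "port=" right after an *-xlated ip belongs to that NAT address
    for kv in KV_RE.finditer(body):
        key, val = kv.group("key"), kv.group("val").strip('"')
        if key in ("src_xlated_ip", "dst_xlated_ip"):
            last_nat = key[:-3]  # "src_xlated" / "dst_xlated"
        elif key == "port" and last_nat:
            key = last_nat + "_port"
        fields[key] = val
    return {FIELD_MAP[k]: v for k, v in fields.items() if k in FIELD_MAP}

# The two sample messages quoted on this page (version 6, and the truncated version 4 form).
SAMPLE_V6 = ('SN103: NetScreen device_id=SN103 [Root]system-notification-00257(traffic): start_time='
             '"2016-01-28 05:12:31" duration=2 policy_id=14 service=http proto=6 src zone=Sas dst zone=Internet '
             'action=Permit sent=724 rcvd=674 src=192.168.155.25 dst=62.200.90.8 src_port=45731 dst_port=80 '
             'src-xlated ip=192.168.155.25 port=45731 dst-xlated ip=62.200.91.2 port=80 session_id=231854 reason=Close')
SAMPLE_V4 = ('ns204: NetScreen device_id=netscreen2 [Root]system-notification-00257(traffic): '
             'start_time= duration=0 policy id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 '
             'src zone=Null dst zone=self action=Deny sent=0 rcvd=16384 src=21.10.90.125 dst=23.16.1.1')
```

Running `parse_traffic_log(SAMPLE_V4)` yields an empty `obs.ts` and no `session.id`, which is what a downstream rule should expect from the version 4 form.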
Unit Test
unit_traffic_permit.json
unit_traffic_deny.json
unit_traffic_tunnel.json
Log format : IDP
Constructor field | LMC field |
---|---|
Log ID | not used |
Time Received | [rep][ts] |
Alert | [netscreen][alert] |
Src Addr | [init][host][ip] |
Dst Addr | [target][host][ip] |
Action | [action] |
Protocol | [app][proto][name] |
Dst Port | [target][host][port] |
Rule # | [rule][id] |
Nat Src Addr | [init][nat][host][ip] |
Nat Dst Addr | [target][nat][host][ip] |
Details | [netscreen][misc] |
Category | [netscreen][category] |
Subcategory | [netscreen][attack] |
Severity | [alarm][sev] |
Device | [init][usr][name] |
Comment | [session][out][byte] |
Application Name | [app][name] |
Bytes In | [session][in][byte] |
Bytes Out | [session][out][byte] |
Bytes Total | not used |
Domain | [init][usr][domain] |
Device family | not used |
Dst Intf | [netscreen][outbound_interface] |
Dst Zone | [netscreen][destination_zone] |
Elapsed Secs | [session][duration] |
Has Packet Data | not used |
NAT Dst Port | [target][host][nat][port] |
NAT Src Port | [init][host][nat][port] |
Packets In | [session][in][packet] |
Packets Out | [session][out][packet] |
Packets Total | not used |
Policy | [netscreen][policy] |
Roles | not used |
Rule Domain | not used |
Rule Domain Ver | not used |
Rulebase | [rule][name] |
Src Intf | [netscreen][inbound_interface] |
Src Port | [init][host][port] |
Src Zone | [netscreen][source_zone] |
Time Generated | [obs][ts] |
User | [init][usr][name] |
Example (field skeleton with empty values):
dayId=2006/10/12 21:52:21 device_ip= attack= srcAddr= natSrcPort= dstAddr= natDstPort= policy= severity= outbytes= repCount= misc=
Unit Test
unit_idp.json