Intrusion Prevention

IDP installed, now have many new open ports? - Edit - figured it out.

‎09-22-2015 12:27 PM

Hi,

I recently installed Juniper IDP (default) on our SRX cluster and my company has since failed our PCI scan. Apparently, we have many new open ports they are seeing that were not seen before the installation. For example: port 8080.

Is this typical? Do I have to configure IDP to specifically block ports?

I am confused as to how this could happen, but this is the only change that has taken place.

Any help/advice would be appreciated.

Edit: I figured it out: in the default security policy, I needed to limit the applications....

Re: IDP installed, now have many new open ports? - Edit - figured it out.

‎09-29-2015 12:19 AM

Hi,

IDP as such doesn't open or block ports, as it works on a pattern-based approach. It looks like there might be something else which was blocking all these ports earlier, and you have enabled IDP and now removed the other device/software.

Also, what I would suggest on the IDP policy side: if you are unsure of the traffic profile in your network, you may use the predefined IDP policy templates available for different purposes.

You may find the link below helpful:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16490&smlogin=true

Cheers,

Dipanshu

Re: IDP installed, now have many new open ports? - Edit - figured it out.

‎09-29-2015 02:27 AM

Hello,

Which tool are you using for port scanning?

Do you have any 'tcp-rst' configuration on the SRX or 'tcp syn flood protection screen' enabled on the device?

Regards,

Rushi
