Intrusion Prevention
Highlighted
Intrusion Prevention

SRX IDP limit to custom attack pattern length

‎04-28-2019 02:02 PM

I am experimenting on a SRX300 with some custom attacks.  However, when my pattern exceeds a certain length in its statement I get an error back in CLI when I commit. The Error is "Length 625 is not within range (0..511)" 625 being the entire length of the command.

 

Is there any restriction on the length of a command on CLI? If so, is there an way around it?

Thanks for any help.

1 REPLY 1
Intrusion Prevention

Re: SRX IDP limit to custom attack pattern length

[ Edited ]
‎04-28-2019 11:12 PM

Hello,

SRX (and any JUNOS product) has length restrictions for parameters. You can view them by doing "show | display detail" in the config mode. Example being:

 

[edit security idp custom-attack CA1]
regress@FW2# show | display detail 
##
## attack-type: Type of attack
## package: jidpd 
##
attack-type {
    ##
    ## signature: Signature based attack
    ## package: jidpd 
    ## constraint: Only one attack type is permitted
    ##
    signature {
        ##
        ## Warning: Context must be specified
        ## pattern: Pattern is the signature of the attack you want to detect
        ## range: 0 .. 511
        ## package: jidpd 
        ## constraint: Context must be specified
        ##
        pattern abcde*;

 

 


@rs1936 wrote:

If so, is there an way around it?

Thanks for any help.


I guess You can split Your custom attack pattern longer than 511 chars into several custom attacks and then group them together but I have never tested this. And even if it works,  the real-life matching against such long pattern - if it includes naive/unoptimized regex most people do - would be VEEERY SLOOOOOW.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !