
How does Backdoor Detection work on IDP?


Article ID: KB4482 | Last Updated: 03 Dec 2012 | Version: 4.0
Summary:
This article provides information on how Backdoor Detection works on IDP.
Symptoms:
Tuning the threshold parameters of Backdoor Detection.
Cause:

Solution:

The Backdoor Detection Rulebase protects the network from dangerous backdoors (such as Trojans) by detecting interactive traffic. The rulebase looks at network traffic patterns and uses heuristics of packet transmissions to detect interactive traffic, a common sign of an attacker using a Trojan or backdoor.

A backdoor is a mechanism that is installed on a host computer that facilitates unauthorized access to the system. Attackers who have already compromised a system typically install backdoors to make future attacks easier. However, when attackers send and retrieve information to and from the backdoor program (as when typing commands), they generate interactive traffic that IDP can detect.

Unlike antivirus software, which scans for known backdoor files or executables on the host system, IDP detects the interactive traffic that is produced when backdoors are used. This method ensures that IDP can detect all backdoors, both known and unknown, even if the data is encrypted.

To determine if a connection is interactive, the IDP sensor examines packet data lengths and packet interarrival times.

Thresholds for interactive traffic can be configured on the IDP sensor itself with the help of NSM. To get to the appropriate configuration screen, edit the device, go to sensor settings, and click the Run Time Parameters tab. Configure the thresholds under the Backdoor Detection heading.
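The following is an added illustration of the heuristic described above, not Juniper's IDP code: it classifies a flow as interactive when enough of its client-to-server packets carry small payloads and arrive at human-paced intervals. The threshold names, default values and sample flows are assumptions constructed for this example and do not correspond to the actual Run Time Parameters exposed in NSM.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed packet record for one TCP flow: arrival time (seconds)
# and payload length (bytes) of a client-to-server packet.
@dataclass
class Packet:
    ts: float
    length: int

# Illustrative thresholds; the names and defaults are assumptions for
# this example, not the parameters configured through NSM.
@dataclass
class Thresholds:
    max_payload: int = 40      # keystroke/command packets are tiny
    min_gap: float = 0.05      # faster than this looks machine-paced (bulk)
    max_gap: float = 5.0       # slower than this is an idle session
    min_ratio: float = 0.7     # fraction of packets that must look "human"
    min_packets: int = 8       # fewer than this is too little to judge

def score_flow(flow: List[Packet], th: Thresholds) -> Tuple[float, float]:
    """Return (small_ratio, paced_ratio): the fraction of packets with a
    small payload and the fraction of interarrival gaps in the human range."""
    if len(flow) < 2:
        return 0.0, 0.0
    small = sum(1 for p in flow if p.length <= th.max_payload) / len(flow)
    gaps = [b.ts - a.ts for a, b in zip(flow, flow[1:])]
    paced = sum(1 for g in gaps if th.min_gap <= g <= th.max_gap) / len(gaps)
    return small, paced

def is_interactive(flow: List[Packet], th: Thresholds = Thresholds()) -> bool:
    """Flag a flow as interactive when enough packets are both small and
    human-paced. Raising min_ratio or lowering max_payload cuts false
    positives; loosening them catches slower or chattier sessions."""
    if len(flow) < th.min_packets:
        return False
    small, paced = score_flow(flow, th)
    return small >= th.min_ratio and paced >= th.min_ratio

# Constructed sample flows (not captured traffic): a typed shell session
# (1-3 byte payloads every 0.4 s) and a bulk transfer (full segments, 1 ms apart).
SHELL_FLOW = [Packet(ts=i * 0.4, length=1 + (i % 3)) for i in range(12)]
BULK_FLOW = [Packet(ts=i * 0.001, length=1460) for i in range(12)]

if __name__ == "__main__":
    print("shell flow interactive:", is_interactive(SHELL_FLOW))  # True
    print("bulk flow interactive:", is_interactive(BULK_FLOW))    # False
```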
