Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the current DI attack database version?

0

0

Article ID: KB4561 KB Last Updated: 03 Aug 2017Version: 7.0
Summary:

This article explains why Deep Inspection (DI) updates have different versions for each ScreenOS image.

Symptoms:

Environment:

  • Deep Inspection
  • DI Attack Update Version

Symptoms & Errors:

  • Deep Inspection Attack Database version is different between ScreenOS versions
  • What is the latest available DI database version?

  • What version of the DI database is currently loaded on the ScreenOS Firewall?
Solution:

Deep Inspection (DI) updates have different versions for each ScreenOS image. The total number of signatures in the databases will always be different between ScreenOS images. 

ScreenOS 5.1.0rx has many more signatures than ScreenOS 5.0.0rx.  Further, ScreenOS 5.1 has more protocols, more contexts, and is able to support signature chains.

Example:

DI versions:
ScreenOS 5.0.0r9 = DI Version 141
ScreenOS 5.1.0r1 = DI Version 139

Deep inspection is a subset of the IDP database.  As such, DI shares the same database version number as the latest IDP database version. 

Click here for the latest IDP/DI database version and content information.

It is also possible to view the ScreenOS Firewall's currently loaded database version and attack information.
This is achieved via the CLI (console, telnet or SSH connection) or the WebUI.

To check the currently loaded DI attack database version via the CLI, perform the following steps:

Open the Command Line Interface (CLI). Refer to KB4082 - Accessing the Command Line Interface Using Telnet.

To check the current DI attack database version, enter the following command: 

netscreen-> get attack db
Attack database Version: 146(9 Nov 2004 03:01:02)
Number of Attacks: 246, Number of Groups: 29
Attack database Server:
Automatic Operation:
Schedule for automatic Operation:

 To check a full listing of the attacks, enter the following command:

netscreen-> get attack

 noteA list of attacks will be displayed in a table including DNS, FTP, IMAP, POP3, SMTP, and other types of attacks.


To check the currently loaded DI attack database version via the WebUI, perform the following steps:

Open the WebUI. Refer to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.

From the NetScreen options menu, click Configuration, select Update, and then click Attack Signature.

noteThe current DI database version will be displayed.

Image of note

Modification History:

2017-08-03: Minor non-technical updates.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search