[ScreenOS] What is the current DI attack database version?

  [KB4561] Show Article Properties


Summary:

This article explains why Deep Inspection (DI) updates have different versions for each ScreenOS image.

Symptoms:

Environment:

  • Deep Inspection
  • DI Attack Update Version

Symptoms & Errors:

  • Deep Inspection Attack Database version is different between ScreenOS versions
  • What is the latest available DI database version?

  • What version of the DI database is currently loaded on the ScreenOS Firewall?
Solution:

Deep Inspection (DI) updates have different versions for each ScreenOS image. The total number of signatures in the databases will always be different between ScreenOS images. 

ScreenOS 5.1.0rx has many more signatures than ScreenOS 5.0.0rx.  Further, ScreenOS 5.1 has more protocols, more contexts, and is able to support signature chains.

Example:

DI versions:
ScreenOS 5.0.0r9 = DI Version 141
ScreenOS 5.1.0r1 = DI Version 139

Deep inspection is a subset of the IDP database.  As such, DI shares the same database version number as the latest IDP database version. 

Click here for the latest IDP/DI database version and content information.

It is also possible to view the ScreenOS Firewall's currently loaded database version and attack information.
This is achieved via the CLI (console, telnet or SSH connection) or the WebUI.

To check the currently loaded DI attack database version via the CLI, perform the following steps:

Open the Command Line Interface (CLI). Refer to KB4082 - Accessing the Command Line Interface Using Telnet.

To check the current DI attack database version, enter the following command: 

netscreen-> get attack db
Attack database Version: 146(9 Nov 2004 03:01:02)
Number of Attacks: 246, Number of Groups: 29
Attack database Server:
Automatic Operation:
Schedule for automatic Operation:

 To check a full listing of the attacks, enter the following command:

netscreen-> get attack

 noteA list of attacks will be displayed in a table including DNS, FTP, IMAP, POP3, SMTP, and other types of attacks.


To check the currently loaded DI attack database version via the WebUI, perform the following steps:

Open the WebUI. Refer to KB4317 - [ScreenOS] Accessing your Juniper firewall device using the WebUI.

From the NetScreen options menu, click Configuration, select Update, and then click Attack Signature.

noteThe current DI database version will be displayed.

Image of note

Modification History:

2017-08-03: Minor non-technical updates.

Related Links: