Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is an Address Sweep attack?

0

0

Article ID: KB4825 KB Last Updated: 21 Mar 2013Version: 4.0
Summary:
This article provides information about the meaning of an Address Sweep attack.
Symptoms:
What is an Address Sweep attack?
Cause:

Solution:
Note: This article is applicable to ScreenOS 4.0 or later.

When a single source IP address sends 10 ICMP request packets to different hosts, within a specified interval of time (setting on firewall), it is basically termed as an Address Sweep Attack. The default address sweep threshold is 5000. This is interpreted as 10 IP address sweeps per 5000 microseconds or 10 IP addresses will be scanned in 0.005 seconds.

The purpose of this scheme is to send ICMP packets, typically echo requests, to various hosts in the hope that at least one replies; which uncovers an address to target. The NetScreen device internally logs the number of different addresses being pinged from one remote source.

Via the default settings, if a remote host sends ICMP traffic to 10 addresses in 0.005 seconds (5000 microseconds), the security device flags this as an address sweep attack, rejects the 11th address, and all further ICMP packets from that host for the remainder of that second. Increasing the threshold will increase the likelihood of address sweep detection.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search