Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

HOW TO: Update Deep Inspection Attack Signature Database with no internet connection.

0

0

Article ID: KB4838 KB Last Updated: 15 Nov 2013Version: 6.0
Summary:

Follow the steps below to update the Deep Inspection (DI) Attack Signature Database offline.  The offline method is used when there is no internet connection.

Symptoms:

Environment:

  • DI Update

  • Deep Inspection

  • No internet connection

  • Proxy server

Symptoms and Error Messages:

  • Loading attack database...DI update key check failed
Cause:

Solution:

The device must have a valid/current license key, otherwise the attempt to load the attack database will fail with the following message:

Loading attack database...DI update key check failed

Save the file, attacks.bin, from the following URL:

https://services.netscreen.com/restricted/sigupdates/5.1/ns5gt/attacks.bin?sn=[serial number]

Note: Remember to modify the device accordingly. In the above link, the device is ns5gt.

From the CLI:

Run the following commands:

ns5gt-> save attack-db from tftp [TFTP server IP] attacks.bin to flash

Sample output:
Load attack database from TFTP [TFTP server IP] (file: attacks.bin).
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
tftp received octets = 178836
tftp success!

TFTP Succeeded.
Loading attack database...
Ignoring attack database authentication...
...........
Done.
Done.
Switching attack database...Done
Saving attack database to flash...Done.

From the WebUI:

Perform the following steps:

  1. Navigate to Security > Deep Inspection > Attack Signature



  2. Browse and load the downloaded file.

  3. Check your DI Attack Database version, using the following command:

  4. ns5gt-> get attack db

    Sample output:

    Attack database Version: 227 (15 Mar 2005 22:02:32)
    Number of Attacks: 726, Number of Groups: 67
    Attack database Server: <not set>
    Automatic Operation: <not set>
    Schedule for automatic Operation: <not set>
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search