[j-nsp] Juniper ASP/ASM IDS real world?

Michael Loftis mloftis at wgops.com
Sat Mar 4 21:31:20 EST 2006

I'm really curious about any real world deployment and use of the IDS 
component in the ASPIC/ASModule on the M series (T, J?)...

>From what I can tell, unless you tell it to log all of the drops, you can't 
get it to log the source of the attack, just the destination.  That's fine 
and dandy enough...using SEC or similar could cause it to run over really 
quickly to the management UI and query for the particular problem sources.

To me, the source of the attack is far more important than the destination. 
Dest is important, but not as important as knowing where it came from so 
that aggressive sources can be blocked more permanently or widely than the 
ASM/ASP will do on it's own inside of the IDS service.

To that end, is anyone out there deploying this in a real world scenario? 
Heck even lab experience would be nice to hear about too.

I googled the archives but didn't seem to find anything relevant.

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler

More information about the juniper-nsp mailing list