Predefined Attack Objects

When you subscribe to Deep Inspection (DI), the security device can download a set of attack objects (signature packs) from an attack object server to an internal database. You can then configure the security device to update the signature packs at user-defined intervals. (For more information about downloading and updating the attack object database, see Attack Object Database Server Configuration.)

The security device can use the predefined attack objects listed on this page when performing Deep Inspection. For each attack object, you can view the following information:

Name: Displays the name of a predefined attack object. Each object name begins with the protocol type (for example, DNS, FTP, HTTP, IMAP, POP3, or SMTP).

Type: Identifies the type of attack object: either signature or anomaly.

Context: Defines the location in the packet where the DI module searches for a signature matching the attack object pattern.

Severity: Specifies the severity level for the attack object.

Note: The attack object severity level is useful for NetScreen-Security Manager (NSM).

Pattern: (Signatures only) Displays the text string for which the security device searches.

Note: Because the DI module supports regular expressions, it can use wildcards when searching for patterns. Thus, a single signature definition can apply to multiple attack pattern variations.

Configuration: Click the question mark icon in the row of a particular attack object to see a description of it.

To disable the enforcement of a predefined attack object, clear the check box in the Configuration column that corresponds with that attack object. To enable it again, select the check box. (By default, all predefined attack objects are enabled.)
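The following sketch is an added example, not code from the device or its vendor. It models how the fields above interact: a pattern is searched only in its own context, one regular expression covers several variations, and a disabled object is not enforced. The context labels, object names and patterns are constructed for illustration, and the patterns use Python `re` syntax rather than the device's own pattern syntax.

```python
import re
from dataclasses import dataclass

@dataclass
class AttackObject:
    name: str             # begins with the protocol type, as described above
    context: str          # hypothetical context label, not a device identifier
    severity: str
    pattern: str          # Python `re` syntax (assumption), signatures only
    enabled: bool = True  # mirrors the check box in the Configuration column

# Constructed sample signatures, for illustration only.
SIGNATURES = [
    AttackObject("HTTP:EXAMPLE-TRAVERSAL", "http-url", "high",
                 r"(\.\.[/\\]){2,}"),
    AttackObject("FTP:EXAMPLE-SITE-EXEC", "ftp-command", "medium",
                 r"(?i)^SITE\s+EXEC\b"),
]

def inspect(fields, signatures=SIGNATURES):
    """Return the names of enabled signatures that match in their own context.

    `fields` maps a context label to the text a protocol parser extracted
    for that part of the traffic (for example the requested URL).
    """
    hits = []
    for sig in signatures:
        if not sig.enabled:
            continue  # cleared check box: object is not enforced
        text = fields.get(sig.context)
        # Search only the field named by the signature's context.
        if text is not None and re.search(sig.pattern, text):
            hits.append(sig.name)
    return hits

if __name__ == "__main__":
    # Constructed inputs: two spellings of the same URL pattern, one context miss.
    print(inspect({"http-url": "/a/../../etc/x"}))
    print(inspect({"http-url": "/a/..\\..\\x"}))
    print(inspect({"http-body": "/a/../../etc/x"}))
    print(inspect({"ftp-command": "site  exec ls"}))
```

The same string placed in a different context produces no match, which is why the Context column matters as much as the Pattern column when reading a signature.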