Juniper Archives -

port scan attack (by juniper)

Juniper
MaryamSaniee
1 0

index=* sourcetype="juniper:firewall"  src!="192.168.*"
| bin _time span=5m
| stats dc(dest_port) as distinct_port by src,dest,_time
|where distinct_port >1000

index=* sourcetype="juniper:firewall" src!="192.168.*"

| bin _time span=5m

| stats dc(dest_port) as distinct_port by src,dest,_time

|where distinct_port >1000

Continue Reading →

Count of Attackers on Juniper Devices

Juniper
ItsJohnLocke
3 8

The following is a Splunk search query that indicates potential “attacks” by source IP. Further investigation will be needed to determine accuracy of attacks.

sourcetype = "juniper:idp" attack* | stats count by src_ip

1	sourcetype = "juniper:idp" attack* \| stats count by src_ip

Credit given to bbosearch.

Continue Reading →

Newest | Active

ChristinaW

Active 2 days, 1 hour ago
ashutosh

Active 4 days, 12 hours ago
jwalthour

Active 6 days, 2 hours ago
Azeemering

Active 1 week, 5 days ago
wangrui

Active 1 week, 6 days ago

Sourcetype: Juniper

port scan attack (by juniper)

Count of Attackers on Juniper Devices