ZyXEL NXC5200 User Guide - Page 337
CHAPTER 22
ADP

22.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs - Requests for Comments) and abnormal flows such as port scans.

ADP and IDP Comparison:

1 ADP anomaly detection is in general effective against abnormal behavior while IDP packet inspection signatures are in general effective for known attacks (see Chapter 21 on page 303 for information on packet inspection).
2 ADP traffic and anomaly rules are updated when you upload new firmware. This is different from the IDP packet inspection signatures and the system protect signatures you download from myZyXEL.com.

22.1.1 What You Can Do in this Chapter

• The General screen (Section 22.2 on page 339) turns anomaly detection on or off and applies anomaly profiles to traffic directions.
• The Profile screen (Section 22.3 on page 340) adds new profiles, edits an existing profile or deletes an existing profile.

22.1.2 What You Need To Know

The following terms and concepts may help as you read this chapter.

Traffic Anomalies

Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly rules may be updated when you upload new firmware.
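To show what threshold-based traffic anomaly rules of this kind measure, here is an added example (not ZyXEL code and not the NXC5200's actual algorithm) that flags port scans, sweeps and floods in a list of flow records. The record layout, the function name `detect_anomalies`, the window length and all thresholds are assumptions chosen for illustration, and the sample traffic is constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (timestamp_s, src_ip, dst_ip, dst_port).
# Addresses come from documentation ranges; none of this is device output.
FLOWS = (
    [(i * 0.1, "192.0.2.10", "198.51.100.5", 20 + i) for i in range(30)]       # one host, many ports
    + [(i * 0.1, "192.0.2.20", f"198.51.100.{i + 1}", 22) for i in range(30)]  # many hosts, one port
    + [(i * 0.01, "192.0.2.30", "198.51.100.9", 80) for i in range(300)]       # high rate, one target
    + [(i * 1.0, "192.0.2.40", "198.51.100.7", 443) for i in range(5)]         # ordinary client
)

# Assumed thresholds for illustration only (not ZyXEL defaults).
WINDOW_S = 5.0
PORT_SCAN_PORTS = 20   # distinct ports probed on one destination
SWEEP_HOSTS = 20       # distinct destinations probed on one port
FLOOD_PACKETS = 200    # packets sent to one destination

def detect_anomalies(flows, window=WINDOW_S):
    """Return {(kind, src_ip)} for sources crossing a threshold within any window."""
    by_src = defaultdict(list)
    for rec in sorted(flows):          # time-ordered per source
        by_src[rec[1]].append(rec)
    alerts = set()
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            # Advance the window start so recs[start:end + 1] spans <= window seconds.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            ports_per_dst = defaultdict(set)
            dsts_per_port = defaultdict(set)
            pkts_per_dst = defaultdict(int)
            for _, _, dst, port in recs[start:end + 1]:
                ports_per_dst[dst].add(port)
                dsts_per_port[port].add(dst)
                pkts_per_dst[dst] += 1
            if any(len(p) >= PORT_SCAN_PORTS for p in ports_per_dst.values()):
                alerts.add(("port_scan", src))
            if any(len(d) >= SWEEP_HOSTS for d in dsts_per_port.values()):
                alerts.add(("sweep", src))
            if any(n >= FLOOD_PACKETS for n in pkts_per_dst.values()):
                alerts.add(("flood", src))
    return alerts

if __name__ == "__main__":
    for kind, src in sorted(detect_anomalies(FLOWS)):
        print(f"{kind:10s} {src}")
```

Each rule counts a different quantity per source inside the same sliding window, which is why a single source can be reported under more than one anomaly type.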