ZyXEL ZyWALL ATP700 User Guide - Page 606
Chapter 29 IDP

Table 236 Configuration > Security Service > IDP > Custom Signatures > Add/Edit (continued)

| LABEL | DESCRIPTION |
|---|---|
| IP Options | IP options is a variable-length list of IP options for a datagram. The options are IP Security Option (security and handling restrictions for the military), IP Stream Identifier, Record Route (have each router record its IP address), Loose Source Routing (specifies a list of IP addresses that must be traversed by the datagram), Strict Source Routing (specifies a list of IP addresses that must ONLY be traversed by the datagram), Timestamp (have each router record its IP address and time), End of IP List and No IP Options. IP Options can help identify some intrusions. Select the check box, then select an item from the list box that the intrusion uses. |
| Same IP | Select the check box for the signature to check for packets that have the same source and destination IP addresses. |
| Transport Protocol | The following fields vary depending on whether you choose TCP, UDP or ICMP. |
| Transport Protocol: TCP | |
| Port | Select the check box and then enter the source and destination TCP port numbers that will trigger this signature. |
| Flow | The selected keyword sets the criteria as to which traffic is matched. You can match traffic based on direction or whether the connection is established or not. You can also specify whether you want to match signatures per packet or in a stream of packets. Established: Match established connections. Stateless: Match packets that are not part of an established connection. To Client: Match packets that flow from server to client. To Server: Match packets that flow from client to server. From Client: Match packets that flow from client to server. From Servers: Match packets that flow from server to client. No Stream: Match packets that have not been reassembled by the stream engine. It will not match packets that have been reassembled. Only Stream: Match packets that have been reassembled. |
| Flags | Select what TCP flag bits the signature should check. |
| Sequence Number | Use this field to check for a specific TCP sequence number. |
| Ack Number | Use this field to check for a specific TCP acknowledgment number. |
| Window Size | Use this field to check for a specific TCP window size. |
| Transport Protocol: UDP | |
| Port | Select the check box and then enter the source and destination UDP port numbers that will trigger this signature. |
| Transport Protocol: ICMP | |
| Type | Use this field to check for a specific ICMP type value. |
| Code | Use this field to check for a specific ICMP code value. |
| ID | Use this field to check for a specific ICMP ID value. This is useful for covert channel programs that use static ICMP fields when they communicate. |
| Sequence Number | Use this field to check for a specific ICMP sequence number. This is useful for covert channel programs that use static ICMP fields when they communicate. |
| Payload Options | The longer a payload option is, the more exact the match and the faster the signature processing. Therefore, if possible, it is recommended to have at least one payload option in your signature. |

ZyWALL ATP Series User's Guide 606
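The header criteria in this table (IP Options, Same IP, and the ICMP Type, Code, ID and Sequence Number fields) can be tried offline against raw IPv4 packets. The Python below is an added example, not ZyXEL code and not the ZyWALL signature syntax; `parse_ipv4`, `match`, `build`, the keys of the `sig` dictionary and the sample addresses are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

# IANA IPv4 option numbers for the options the table names.
IP_OPTIONS = {0: "End of IP List", 7: "Record Route", 68: "Timestamp",
              130: "IP Security Option", 131: "Loose Source Routing",
              136: "IP Stream Identifier", 137: "Strict Source Routing"}

def parse_ipv4(pkt: bytes) -> dict:
    """Extract the header fields the signature criteria refer to."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if not 20 <= ihl <= len(pkt):
        raise ValueError("bad header length")
    info = {"proto": pkt[9], "src": IPv4Address(pkt[12:16]),
            "dst": IPv4Address(pkt[16:20]), "options": []}
    i = 20
    while i < ihl:  # walk the variable-length option list
        kind = pkt[i]
        if kind > 1 and (i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl):
            raise ValueError("malformed IP option")
        if kind != 1:  # No-Operation (1) is padding and is not reported
            info["options"].append(IP_OPTIONS.get(kind, f"option {kind}"))
        if kind == 0:  # End of Option List stops the walk
            break
        i += pkt[i + 1] if kind > 1 else 1
    if info["proto"] == 1 and len(pkt) >= ihl + 8:  # ICMP: type, code, ID, seq
        t, c, _, ident, seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
        info["icmp"] = {"type": t, "code": c, "id": ident, "seq": seq}
    return info

def match(info: dict, sig: dict) -> bool:
    """True when every criterion present in sig holds for the packet."""
    if sig.get("same_ip") and info["src"] != info["dst"]:
        return False
    if "ip_option" in sig and sig["ip_option"] not in info["options"]:
        return False
    icmp = info.get("icmp", {})
    return all(icmp.get(k) == v for k, v in sig.get("icmp", {}).items())

def build(src, dst, proto, options=b"", payload=b"") -> bytes:
    """Constructed sample packet; checksums are zero and not verified."""
    head = struct.pack("!BBHHHBBH", 0x40 | (20 + len(options)) // 4, 0,
                       20 + len(options) + len(payload), 0, 0, 64, proto, 0)
    return head + IPv4Address(src).packed + IPv4Address(dst).packed + options + payload

# Constructed sample: ICMP echo with src == dst and fixed ID/sequence values.
ECHO = build("203.0.113.9", "203.0.113.9", 1,
             payload=struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1))
```

Combining criteria, for example `{"same_ip": True, "icmp": {"id": 0x1234, "seq": 1}}`, narrows the match in the same way that selecting several check boxes narrows a custom signature.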