Chapter 29 Botnet Filter
ZyWALL ATP Series User’s Guide
535
Table 216 Configuration > Security Service > Botnet Filter (continued)

LABEL    DESCRIPTION

Log
    These are the log options:
    no: Do not create a log when the packet contains a botnet IP address.
    log: Create a log on the Zyxel Device when the packet contains a botnet IP address.
    log alert: An alert is an emailed log for more serious events that may need more immediate attention. Select this option to have the Zyxel Device send an alert when the packet contains a botnet IP address.

URL Blocking

Enable
    Select this option to turn on URL blocking on the Zyxel Device and select the categories of web pages that are known to pose a security threat to users or their computers. Otherwise, deselect it.

Anonymizers
    Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous fashion, whether to circumvent Web filtering or for other reasons. For example, blog.go2.tw, anonymizer.com, www.qu365.com.

Botnets
    Sites that use bots (zombies) including command-and-control (C&C) servers.

Compromised
    Sites that have been compromised by someone other than the site owner in order to install malicious programs without the user's knowledge. Includes sites that may be vulnerable to a particular high-risk attack. For example, www.wokoo.net, movie.sx.zj.cn.

Malware
    Sites that install unwanted software on a user's computer with the intent to enable third-party monitoring or make system changes without the user's consent. For example, www.tqlkg.com, aladel.net.

Network Errors
    Sites that do not resolve to any IP address. A site may not be able to resolve to an IP address if, for example, the site is no longer available, the site is temporarily offline, network access to the site is down, the DNS server address record is wrong, the DNS server has another problem, the site has maintenance/repair work going on, or the site has been hacked.

Parked Domains
    Sites that are inactive, typically reserved for later use. They most often do not contain their own content, may simply say "under construction," "purchase this domain," or display advertisements. For example, www.moemoon.com, artlin.net, img.sedoparking.com.

Phishing & Fraud
    Sites that are used for deceptive or fraudulent purposes (e.g. phishing), such as stealing financial or other user account information. These sites are most often designed to appear as legitimate sites in order to mislead users into entering their credentials. For example, optimizedby.rmxads.com, 218.1.71.226/.../e3b.

Spam Sites
    Sites that have been promoted through spam techniques. For example, img.tongji.linezing.com, banner.chinesegamer.net.

Action
    Set what action the Zyxel Device takes when it detects a connection attempt to or from the web pages of the specified categories.
    block: Select this action to have the Zyxel Device block access to the web pages that match the categories that you select above.
    warn: Select this action to have the Zyxel Device display a warning message to the access requesters for the web pages before allowing users to access web pages that match the categories that you select above.
    pass: Select this action to have the Zyxel Device allow access to the web pages that match the categories that you select above.

Log
    These are the log options:
    no: Do not create a log when it detects a connection attempt to or from the web pages of the specified categories.
    log: Create a log on the Zyxel Device when it detects a connection attempt to or from the web pages of the specified categories.
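A small Python model of how the settings in this table combine, added here as an example and not Zyxel code: the botnet IP set, the URL category map, the sample hosts and addresses, and the BotnetFilterConfig field names are all constructed for illustration. The audit_config function flags combinations of these options that leave matching traffic unblocked or unlogged.

```python
"""Model of the Botnet Filter settings described in Table 216.

Added example, not Zyxel code: the botnet IP set, the URL category map and
the configuration values are constructed here for illustration only.
"""
from dataclasses import dataclass, field

# Constructed stand-ins for the Zyxel Device's signature feeds.
BOTNET_IPS = {"203.0.113.7"}                        # TEST-NET sample address
URL_CATEGORIES = {"c2.example": "Botnets",          # host -> category
                  "anon.example": "Anonymizers",
                  "parked.example": "Parked Domains"}

@dataclass
class BotnetFilterConfig:
    ip_log: str = "log"                             # no | log | log alert
    url_blocking: bool = True                       # the Enable checkbox
    categories: set = field(default_factory=set)    # selected categories
    url_action: str = "block"                       # block | warn | pass
    url_log: str = "log"                            # no | log

def check_ip(cfg, src_ip, dst_ip):
    """Botnet IP check: a packet matches if its source or destination is listed."""
    hits = {src_ip, dst_ip} & BOTNET_IPS
    if not hits:
        return {"match": False, "log": False, "alert": False}
    # "log alert" creates the log entry and also sends the emailed alert.
    return {"match": True, "log": cfg.ip_log != "no",
            "alert": cfg.ip_log == "log alert"}

def check_url(cfg, host):
    """URL blocking: verdict for a connection attempt to or from a host."""
    category = URL_CATEGORIES.get(host)
    if not cfg.url_blocking or category not in cfg.categories:
        return {"category": category, "decision": "allow", "warn": False, "log": False}
    # "warn" shows a warning page and then allows access; only "block" denies.
    return {"category": category,
            "decision": "block" if cfg.url_action == "block" else "allow",
            "warn": cfg.url_action == "warn",
            "log": cfg.url_log != "no"}

def audit_config(cfg):
    """Flag settings that leave botnet traffic unblocked or unlogged."""
    findings = []
    if cfg.ip_log == "no":
        findings.append("botnet IP matches are not logged")
    if cfg.categories and not cfg.url_blocking:
        findings.append("categories selected but URL blocking is disabled")
    if cfg.url_action == "pass" and cfg.url_log == "no":
        findings.append("URL blocking passes traffic without logging")
    if cfg.url_blocking and "Botnets" not in cfg.categories:
        findings.append("Botnets category not selected")
    return findings
```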