Chapter 38 IDP
ZyWALL USG Series User’s Guide
The following table describes the fields in this screen.
Table 266 Configuration > UTM Profile > IDP > Custom Signatures > Add/Edit

| LABEL | DESCRIPTION |
| --- | --- |
| Name | Type the name of your custom signature. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive. Duplicate names can exist but it is advisable to use unique signature names that give some hint as to intent of the signature and the type of attack it is supposed to prevent. Refer to (but do not copy) the packet inspection signature names for hints on creating a naming convention. |
| Signature ID | A signature ID is automatically created when you click the Add icon to create a new signature. You can edit the ID to create a new one (in the 9000000 to 9999999 range), but you cannot use one that already exists. You may want to do that if you want to order custom signatures by SID. |
| Information | Use the following fields to set general information about the signature as denoted below. |
| Severity | The severity level denotes how serious the intrusion is. Categorize the seriousness of the intrusion here. See as a reference. |
| Platform | Some intrusions target specific operating systems only. Select the operating systems that the intrusion targets, that is, the operating systems you want to protect from this intrusion. SGI refers to Silicon Graphics Incorporated, who manufactures multi-user Unix workstations that run the IRIX operating system (SGI's version of UNIX). A router is an example of a network device. |
| Service | Select the IDP service group that the intrusion exploits or targets. See for a list of IDP service groups. The custom signature then appears in that group in the IDP > Profile > Group View screen. |
| Policy Type | Categorize the attack type here. See as a reference. |
| Frequency | Recurring packets of the same type may indicate an attack. Use the following field to indicate how many packets per how many seconds constitute an intrusion. |
| Threshold | Select Threshold and then type how many packets (that meet the criteria in this signature) per how many seconds constitute an intrusion. |
| Header Options | |
| Network Protocol | Configure signatures for IP version 4. |
| Type Of Service | Type of service in an IP header is used to specify levels of speed and/or reliability. Some intrusions use an invalid Type Of Service number. Select the check box, then select Equal or Not-Equal and then type in a number. |
| Identification | The identification field in a datagram uniquely identifies the datagram. If a datagram is fragmented, it contains a value that identifies the datagram to which the fragment belongs. Some intrusions use an invalid Identification number. Select the check box and then type in the invalid number that the intrusion uses. |
| Fragmentation | A fragmentation flag identifies whether the IP datagram should be fragmented, not fragmented or is a reserved bit. Some intrusions can be identified by this flag. Select the check box and then select the flag that the intrusion uses. |
| Fragment Offset | When an IP datagram is fragmented, it is reassembled at the final destination. The fragmentation offset identifies where the fragment belongs in a set of fragments. Some intrusions use an invalid Fragment Offset number. Select the check box, select Equal, Smaller or Greater and then type in a number. |
| Time to Live | Time to Live is a counter that decrements every time it passes through a router. When it reaches zero, the datagram is discarded. Usually it’s used to set an upper limit on the number of routers a datagram can pass through. Some intrusions can be identified by the number in this field. Select the check box, select Equal, Smaller or Greater and then type in a number. |
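
The Header Options and Threshold fields above, as an added Python example that is not part of the guide and not the device's own code: it reads the same IPv4 header fields from a packet, applies Equal / Not-Equal / Smaller / Greater conditions, and counts matching packets per time window. The field names, the condition tuple format, the sample packet and the signature values are assumptions constructed for illustration.

```python
import struct
from collections import deque

# Comparison operators named in the Header Options rows.
OPS = {"Equal": lambda a, b: a == b, "Not-Equal": lambda a, b: a != b,
       "Smaller": lambda a, b: a < b, "Greater": lambda a, b: a > b}

def parse_ipv4_header(raw):
    """Extract the IPv4 header fields that the Header Options rows test."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    _, tos, _, ident, frag, ttl = struct.unpack("!BBHHHB", raw[:9])
    return {"tos": tos, "identification": ident,
            "reserved_bit": bool(frag & 0x8000),
            "dont_fragment": bool(frag & 0x4000),
            "more_fragments": bool(frag & 0x2000),
            "fragment_offset": frag & 0x1FFF,  # counted in 8-byte units
            "ttl": ttl}

def header_matches(fields, conditions):
    """True when every (field, operator, value) condition holds."""
    return all(OPS[op](fields[name], value) for name, op, value in conditions)

class Threshold:
    """Reports an intrusion once `count` matching packets arrive within `seconds`."""
    def __init__(self, count, seconds):
        self.count, self.seconds, self.times = count, seconds, deque()

    def hit(self, now):
        self.times.append(now)
        while self.times[0] <= now - self.seconds:  # drop hits outside the window
            self.times.popleft()
        return len(self.times) >= self.count

# Constructed sample header (checksum left at 0 and not verified here).
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x2000 | 185, 1, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
# Hypothetical signature conditions, chosen only to exercise the operators.
SIGNATURE = [("more_fragments", "Equal", True),
             ("fragment_offset", "Greater", 0), ("ttl", "Smaller", 5)]

def run_demo():
    """Replay the sample at constructed timestamps against a 3-per-10-seconds threshold."""
    threshold = Threshold(count=3, seconds=10)
    fields = parse_ipv4_header(SAMPLE)
    return [header_matches(fields, SIGNATURE) and threshold.hit(t)
            for t in (0, 4, 8, 30)]

if __name__ == "__main__":
    print(parse_ipv4_header(SAMPLE))
    print(run_demo())
```

The first two matching packets stay below the threshold, the third within the window reports an intrusion, and a later isolated packet does not.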