Chapter 38 IDP
ZyWALL USG Series User’s Guide
IP Options
IP Options is a variable-length list of IP options for a datagram that define IP Security Option, IP Stream Identifier (security and handling restrictions for the military), Record Route (have each router record its IP address), Loose Source Routing (specifies a list of IP addresses that must be traversed by the datagram), Strict Source Routing (specifies a list of IP addresses that must ONLY be traversed by the datagram), Timestamp (have each router record its IP address and time), End of IP List and No IP Options. IP Options can help identify some intrusions. Select the check box, then select an item from the list box that the intrusion uses.
Same IP
Select the check box for the signature to check for packets that have the same source
and destination IP addresses.
Transport Protocol
The following fields vary depending on whether you choose TCP, UDP or ICMP.
Transport Protocol: TCP
Port
Select the check box and then enter the source and destination TCP port numbers that
will trigger this signature.
Flow
The selected keyword sets the criteria as to which traffic is matched. You can match
traffic based on direction or whether the connection is established or not. You can also
specify whether you want to match signatures per packet or in a stream of packets.
Established: Match established TCP connections.
Stateless: Match packets regardless of the state of the stream processor. This is useful for packets that are designed to cause machines to crash.
To Client: Match packets that flow from server to client.
To Server: Match packets that flow from client to server.
From Client: Match packets that flow from client to server.
From Servers: Match packets that flow from server to client.
No Stream: Match packets that have not been reassembled by the stream engine. It will not match packets that have been reassembled.
Only Stream: Match packets that have been reassembled.
Flags
Select what TCP flag bits the signature should check.
Sequence Number
Use this field to check for a specific TCP sequence number.
Ack Number
Use this field to check for a specific TCP acknowledgment number.
Window Size
Use this field to check for a specific TCP window size.
Transport Protocol: UDP
Port
Select the check box and then enter the source and destination UDP port numbers that
will trigger this signature.
Transport Protocol: ICMP
Type
Use this field to check for a specific ICMP type value.
Code
Use this field to check for a specific ICMP code value.
ID
Use this field to check for a specific ICMP ID value. This is useful for covert channel
programs that use static ICMP fields when they communicate.
Sequence Number
Use this field to check for a specific ICMP sequence number. This is useful for covert
channel programs that use static ICMP fields when they communicate.
Payload Options
The longer a payload option is, the more exact the match and the faster the signature processing. Therefore, if possible, it is recommended to have at least one payload option in your signature.
Table 266 Configuration > UTM Profile > IDP > Custom Signatures > Add/Edit (continued)
LABEL
DESCRIPTION
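The IP Options and Same IP checks described in the table above, sketched as header-matching logic over raw IPv4 bytes. This is an added example, not ZyWALL firmware code or signature syntax; the function names, the constructed sample headers, the AND combination of enabled criteria, and the mapping of the "No IP Options" label to option type 1 are assumptions.

```python
import socket
import struct

# Option type numbers per RFC 791/IANA; "No IP Options" -> type 1 (NOP) is an assumption.
OPTION_NAMES = {0: "End of IP List", 1: "No Operation", 7: "Record Route",
                68: "Timestamp", 130: "IP Security Option", 136: "IP Stream Identifier",
                131: "Loose Source Routing", 137: "Strict Source Routing"}

def parse_ipv4_header(packet: bytes) -> dict:
    """Return source, destination and the option types in an IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0   # header length in bytes
    if len(packet) < 20 or packet[0] >> 4 != 4 or not 20 <= ihl <= len(packet):
        raise ValueError("not a valid IPv4 header")
    options, i = [], 20
    while i < ihl:
        opt = packet[i]
        options.append(opt)
        if opt == 0:                      # End of Option List
            break
        # No Operation is one byte; every other option carries a length byte.
        length = 1 if opt == 1 else (packet[i + 1] if i + 1 < ihl else 0)
        if (opt != 1 and length < 2) or i + length > ihl:
            raise ValueError("malformed IP option length")
        i += length
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]), "options": options}

def match_signature(packet: bytes, same_ip=False, ip_option=None) -> bool:
    """True when every enabled criterion matches (assumed AND semantics)."""
    hdr = parse_ipv4_header(packet)
    if same_ip and hdr["src"] != hdr["dst"]:
        return False
    return ip_option is None or ip_option in hdr["options"]

def build_header(src: str, dst: str, options: bytes = b"") -> bytes:
    """Constructed sample IPv4 header for the demo (checksum left at zero)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    return struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0,
                       20 + len(options), 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + options

# Constructed samples using documentation address ranges (RFC 5737).
SAME_IP = build_header("198.51.100.7", "198.51.100.7")
LSRR = build_header("198.51.100.7", "203.0.113.9", bytes([131, 7, 4, 192, 0, 2, 1]))

if __name__ == "__main__":
    for pkt in (SAME_IP, LSRR):
        hdr = parse_ipv4_header(pkt)
        print(hdr["src"], hdr["dst"], [OPTION_NAMES.get(o, o) for o in hdr["options"]])
```

A header whose option length runs past the header boundary raises `ValueError` rather than being treated as a non-match, so malformed packets can be handled separately from clean misses.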