Custom Idp Signatures; Ip Packet Header - ZyXEL Communications NXC5200 User Manual

Chapter 21 IDP

21.6 Custom IDP Signatures

Create custom signatures for new attacks or attacks peculiar to your network.
Custom signatures can also be saved to/from your computer so as to share with
others. You need some knowledge of packet headers and attack types to create
your own custom signatures.

21.6.1 IP Packet Header

These are the fields in an Internet Protocol (IP) version 4 packet header.
Figure 143 IP v4 Packet Headers
The header fields are discussed below:
Table 119 IP v4 Packet Headers
HEADER
Version
IHL
Type of Service
Total Length
Identification
Flags
Fragment Offset
Time To Live
320
DESCRIPTION
The value 4 indicates IP version 4.
IP Header Length is the number of 32 bit words forming the total
length of the header (usually five).
The Type of Service, (also known as Differentiated Services Code
Point (DSCP)) is usually set to 0, but may indicate particular
quality of service needs from the network.
This is the size of the datagram in bytes. It is the combined length
of the header and the data.
This is a 16-bit number, which together with the source address,
uniquely identifies this packet. It is used during reassembly of
fragmented datagrams.
Flags are used to control whether routers are allowed to fragment
a packet and to indicate the parts of a packet to the receiver.
This is a byte count from the start of the original sent packet.
This is a counter that decrements every time it passes through a
router. When it reaches zero, the datagram is discarded. It is used
to prevent accidental routing loops.
NXC5200 User's Guide