Zywall Idp - ZyXEL Communications ZYWALL 35 User Manual

Chapter 12 Intrusion Detection and Prevention (IDP)
W32/MyDoom-A is a worm that is spread by email. When the infected attachment is
launched, the worm gathers e-mail addresses from address books and from files with the
following extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL. W32/
MyDoom-A creates a file called Message in the temp folder and runs Notepad to display the
contents, which displays random characters. W32/MyDoom-A creates randomly chosen
email addresses in the "To:" and "From:" fields as well as a randomly chosen subject line.
Attached files will have an extension of BAT, CMD, EXE, PIF, SCR or ZIP.

12.1.6 ZyWALL IDP

The ZyWALL Internet Security Appliance is designed to protect against network-based
intrusions. See
ZyWALL interfaces.
IDP is regularly updated by the ZyXEL Security Response Team (ZSRT). Regular updates are
vital as new intrusions evolve.
278
Section 13.2 on page 280 for more information on how to apply IDP to
ZyWALL 5/35/70 Series User's Guide