Figure 6-5 Scan Signatures - ZyXEL Communications ZYWALL IDP 10 User Manual

ZyWALL IDP 10 User's Guide
6.3.5 Scan
Scan refers to all port, IP or vulnerability scans. Hackers scan ports to find targets. They may use a
TCP connect() call, SYN scanning (half-open scanning), Nmap etc. After a target has been found, a
layer-7 scanner can be used to exploit vulnerabilities. To find a list of all scan-related signatures
supported by the ZyWALL, do a policy search by name (scan) or policy query by type (Scan). The
following screen shows some of the scan-related signatures supported by the ZyWALL at the time of
writing.

Figure 6-5 Scan Signatures

6.3.6 Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary
data storage area) than it was intended to hold. The excess information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.
Intruders could run codes in the overflow buffer region to obtain control of the system, install a
backdoor or use the victim to launch attacks on other devices.
To find a list of all buffer overflow related signatures supported by the ZyWALL, do a policy search
by name or policy query by type (Buffer Overflow). The following screen shows some of the buffer
overflow related signatures supported by the ZyWALL at the time of writing.
IDP Policies 6-5