ZyXEL Communications ZyWALL USG 200 Series User Manual page 618

Chapter 34 IDP
The following table describes the fields in this screen.
Table 168 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit
LABEL
Name
Signature ID
Information
Severity
Platform
Service
Policy Type
Frequency
Threshold
Header Options
Network Protocol
Type Of Service Type of service in an IP header is used to specify levels of speed and/
Identification
618
DESCRIPTION
Type the name of your custom signature. You may use 1-31
alphanumeric characters, underscores(
character cannot be a number. This value is case-sensitive.
Duplicate names can exist but it is advisable to use unique signature
names that give some hint as to intent of the signature and the type
of attack it is supposed to prevent. Refer to (but do not copy) the
packet inspection signature names for hints on creating a naming
convention.
A signature ID is automatically created when you click the Add icon
to create a new signature. You can edit the ID to create a new one (in
the 9000000 to 9999999 range), but you cannot use one that already
exists. You may want to do that if you want to order custom
signatures by SID.
Use the following fields to set general information about the
signature as denoted below.
The severity level denotes how serious the intrusion is. Categorize
the seriousness of the intrusion here. See
reference.
Some intrusions target specific operating systems only. Select the
operating systems that the intrusion targets, that is, the operating
systems you want to protect from this intrusion. SGI refers to Silicon
Graphics Incorporated, who manufactures multi-user Unix
workstations that run the IRIX operating system (SGI's version of
UNIX). A router is an example of a network device.
Select the IDP service group that the intrusion exploits or targets.
See Table 164 on page 607
custom signature then appears in that group in the IDP > Profile >
Group View screen.
Categorize the type of intrusion here. See
a reference.
Recurring packets of the same type may indicate an attack. Use the
following field to indicate how many packets per how many seconds
constitute an intrusion
Select Threshold and then type how many packets (that meet the
criteria in this signature) per how many seconds constitute an
intrusion.
Configure signatures for IP version 4.
or reliability. Some intrusions use an invalid Type Of Service
number. Select the check box, then select Equal or Not-Equal and
then type in a number.
The identification field in a datagram uniquely identifies the
datagram. If a datagram is fragmented, it contains a value that
identifies the datagram to which the fragment belongs. Some
intrusions use an invalid Identification number. Select the check
box and then type in the invalid number that the intrusion uses.
), or dashes (-), but the first
_
Table 162 on page 604
for a list of IDP service groups. The
Table 163 on page 606
ZyWALL USG 100/200 Series User's Guide
as a
as