Chapter 31 IDP
DENIED if you configure the signature action to drop the packet. The destination
port is the service port (NetBIOS in this case) that the attack tries to exploit.
Figure 365 Custom Signature Log
31.9 IDP Technical Reference
This section contains some background information on IDP.
Host Intrusions
The goal of host-based intrusions is to infiltrate files on an individual computer or
server in with the goal of accessing confidential information or destroying
information on a computer.
You must install a host IDP directly on the system being protected. It works
closely with the operating system, monitoring and intercepting system calls to the
kernel or APIs in order to prevent attacks as well as log them.
Disadvantages of host IDPs are that you have to install them on each device (that
you want to protect) in your network and due to the necessarily tight integration
with the host operating system, future operating system upgrades could cause
problems.
Network Intrusions
Network-based intrusions have the goal of bringing down a network or networks
by attacking computer(s), switch(es), router(s) or modem(s). If a LAN switch is
compromised for example, then the whole LAN is compromised. Host-based
intrusions may be used to cause network-based intrusions when the goal of the
host virus is to propagate attacks on the network, or attack computer/server
operating system vulnerabilities with the goal of bringing down the computer/
server. Typical "network-based intrusions" are SQL slammer, Blaster, Nimda
MyDoom etc.
518
ZyWALL USG 2000 User's Guide