C
H A P T E R
32.1 Overview
This chapter introduces ADP (Anomaly Detection and Prevention), anomaly
profiles and applying an ADP profile to a traffic direction. ADP protects against
anomalies based on violations of protocol standards (RFCs – Requests for
Comments) and abnormal flows such as port scans.
32.1.1 ADP and IDP Comparison
ADP anomaly detection is in general effective against abnormal behavior while IDP
1
packet inspection signatures are in general effective for known attacks (see
Chapter 31 on page 487
ADP traffic and anomaly rules are updated when you upload new firmware. This is
2
different from the IDP packet inspection signatures and the system protect
signatures you download from myZyXEL.com.
32.1.2 What You Can Do Using the ADP Screens
• Use Anti-X > ADP > General
detection on or off and apply anomaly profiles to traffic directions.
• Use Anti-X > ADP > Profile
edit an existing profile or delete an existing profile.
32.1.3 What You Need To Know About ADP
Traffic Anomalies
Traffic anomaly rules look for abnormal behavior or events such as port scanning,
sweeping or network flooding. It operates at OSI layer-2 and layer-3. Traffic
anomaly rules may be updated when you upload new firmware.
ZyWALL USG 2000 User's Guide
for information on packet inspection).
(Section 32.2 on page
(Section 32.3 on page
32
ADP
523) to turn anomaly
525) to add a new profile,
521