Idp Service Groups - ZyXEL Communications ZyWALL 1100 User Manual

Zywall/usg series

Table 183 Policy Types (continued)
POLICY TYPE
DESCRIPTION
Mail
A Mail or E-mail bombing attack involves sending several thousand identical
messages to an electronic mailbox in order to overflow it, making it unusable.
Misc
Miscellaneous attacks take advantage of vulnerable computer networks and web
servers by forcing cache servers or web browsers into disclosing user-specific
information that might be sensitive and confidential. The most common types of Misc.
attacks are HTTP Response Smuggling, HTTP Response Splitting and JSON Hijacking.
P2P
Peer-to-peer (P2P) is where computing devices link directly to each other and can
directly initiate communication with each other; they do not need an intermediary. A
device can be both the client and the server. In the ZyWALL/USG, P2P refers to peer-
to-peer applications such as e-Mule, e-Donkey, BitTorrent, iMesh, etc.
Scan
A scan describes the action of searching a network for an exposed service. An attack
may then occur once a vulnerability has been found. Scans occur on several network
levels.
A network scan occurs at layer-3. For example, an attacker looks for network devices
such as a router or server running in an IP network.
A scan on a protocol is commonly referred to as a layer-4 scan. For example, once an
attacker has found a live end system, he looks for open ports.
A scan on a service is commonly referred to as a layer-7 scan. For example, once an
attacker has found an open port, say port 80 on a server, he determines that it is an
HTTP service run by some web server application. He then uses a web vulnerability
scanner (for example, Nikto) to look for documented vulnerabilities.
Stream Media
Stream media attacks target multimedia traffic sent over the network such as audio
or video traffic.
Tunnel
Tunnel attacks target encrypted traffic sent over the Internet using protocols such as
SSH.
SPAM
Spam is unsolicited "junk" e-mail sent to large numbers of people to promote
products or services.
Stream Media
A Stream Media attack occurs when a malicious network node downloads an
overwhelming amount of media stream data that could potentially exhaust the entire
system. This method allows users to send small request messages that result in the
streaming of large media objects, providing an opportunity for malicious users to
exhaust resources in the system with little effort expended on their part.
Tunnel
A Tunneling attack involves sending IPv6 traffic over IPv4, slipping viruses, worms
and spyware through the network using secret tunnels. This method infiltrates
standard security measures through IPv6 tunnels, passing through IPv4 undetected.
An external signal then triggers the malware to spring to life and wreak havoc from
inside the network.
Virus/Worm
A computer virus is a small program designed to corrupt and/or alter the operation of
other legitimate programs. A worm is a program that is designed to copy itself from
one computer to another on a network. A worm's uncontrolled replication consumes
system resources, thus slowing or stopping other tasks.
Web Attack
Web attacks refer to attacks on web servers such as IIS (Internet Information
Services).
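
The three scan levels in the Scan row above differ in what varies per source: destination hosts (layer-3), ports on one host (layer-4), or requests to one service (layer-7). The following Python is an added example for log review, not ZyXEL's IDP signature logic; the event tuples, thresholds and the classify_scans name are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not from the manual):
# (source, destination, destination port, HTTP path or None).
# Port 0 stands in for a portless probe such as an ICMP echo.
EVENTS = (
    [("203.0.113.5", f"10.0.0.{i}", 0, None) for i in range(1, 21)]
    + [("203.0.113.9", "10.0.0.7", p, None) for p in range(20, 60)]
    + [("203.0.113.12", "10.0.0.7", 80, f"/probe{i}.cgi") for i in range(30)]
    + [("198.51.100.2", "10.0.0.7", 80, "/index.html")] * 3
)

# Assumed thresholds for illustration; tune them to the monitored network.
HOSTS, PORTS, PATHS = 10, 15, 20


def classify_scans(events):
    """Return {source: label} using the layer-3/4/7 scan levels."""
    hosts = defaultdict(set)  # source -> distinct destination addresses
    ports = defaultdict(set)  # (source, destination) -> distinct ports
    paths = defaultdict(set)  # (source, destination, port) -> distinct paths
    for src, dst, port, path in events:
        hosts[src].add(dst)
        ports[(src, dst)].add(port)
        if path is not None:
            paths[(src, dst, port)].add(path)

    verdict = {}
    # Lowest layer wins: a source already labelled keeps its first label.
    for src, seen in hosts.items():
        if len(seen) >= HOSTS:
            verdict[src] = "layer-3 network scan"
    for (src, _dst), seen in ports.items():
        if len(seen) >= PORTS:
            verdict.setdefault(src, "layer-4 port scan")
    for (src, _dst, _port), seen in paths.items():
        if len(seen) >= PATHS:
            verdict.setdefault(src, "layer-7 service scan")
    return verdict


if __name__ == "__main__":
    for source, label in classify_scans(EVENTS).items():
        print(source, label)
```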

IDP Service Groups

An IDP service group is a set of related packet inspection signatures.
Table 184 IDP Service Groups
WEB_PHP
WEB_MISC
WEB_CGI
WEB_ATTACKS
SQL
SNMP
WEB_IIS
TFTP
SMTP
WEB_FRONTPAGE
TELNET
RSERVICES

Chapter 28 IDP, ZyWALL/USG Series User's Guide
