ZyXEL Communications ZyWALL 1100 User Manual page 468

Zywall/usg series

28.3.2.1 Understand the Vulnerability
Check the ZyWALL/USG logs when the attack occurs. Use web sites such as Google or Security
Focus to get as much information about the attack as you can. The more specific your signature,
the less chance it will cause false positives.
As an example, say you want to check whether your router is being overloaded with DNS queries, so you
create a signature to detect DNS query traffic.
28.3.2.2 Analyze Packets
Use the packet capture screen and a packet analyzer (also known as a network or protocol
analyzer) such as Wireshark or Ethereal to investigate the traffic further.
Figure 313 DNS Query Packet Details
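The following added example (not part of the ZyXEL guide) decodes the fields a packet analyzer shows for a DNS query, so you can see which header bits separate a query from a response when deciding what a signature should match. The sample payload, the name example.com and all function names are constructed for illustration.

```python
import struct

def build_sample_query(name="example.com", txid=0x1A2B):
    """Constructed sample: UDP payload of a standard recursive A-record query."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: QR=0, RD=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_dns(payload):
    """Decode the 12-byte DNS header and the first question entry."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    # The flags word sits at payload offsets 2-3; QR is its top bit.
    info = {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "rd": (flags >> 8) & 1, "qdcount": qd, "ancount": an}
    labels, off = [], 12
    if qd:
        while True:
            if off >= len(payload):
                raise ValueError("truncated question name")
            n = payload[off]
            off += 1
            if n == 0:                      # zero-length label ends the name
                break
            if n & 0xC0 or off + n > len(payload):
                raise ValueError("malformed label in question")
            labels.append(payload[off:off + n].decode("ascii", "replace"))
            off += n
        if off + 4 > len(payload):
            raise ValueError("truncated QTYPE/QCLASS")
        info["qtype"], info["qclass"] = struct.unpack("!HH", payload[off:off + 4])
    info["qname"] = ".".join(labels)
    return info

def is_standard_query(payload):
    """True when QR=0, OPCODE=0 and at least one question is present."""
    try:
        h = parse_dns(payload)
    except ValueError:
        return False  # malformed payloads are not counted as queries
    return h["qr"] == 0 and h["opcode"] == 0 and h["qdcount"] >= 1

if __name__ == "__main__":
    sample = build_sample_query()
    print(parse_dns(sample), is_standard_query(sample))
```

Comparing the decoded fields of several captured queries shows which bytes stay constant (the flags word and question count) and which vary (transaction ID and name), which is the distinction that keeps a signature specific.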
Chapter 28 IDP
ZyWALL/USG Series User's Guide
468
