Applying Custom Signatures - ZyXEL Communications USG40 User Manual
Usg series
Hide thumbs
Also See for USG40:
- User manual (994 pages) ,
- Handbook (810 pages) ,
- Reference manual (665 pages)
Table of Contents
Advertisement
Chapter 27 IDP
From the details about DNS query you see that the protocol is UDP and the port is 53. The type of
DNS packet is standard query and the Flag is 0x0100 with an offset of 2. Therefore enter |010| as
the first pattern.
The final custom signature should look like as shown in the following figure.
Figure 311 Example Custom Signature
27.3.3 Applying Custom Signatures
After you create your custom signature, it becomes available in an IDP profile (Configuration >
UTM Profile > IDP > Profile > Edit) screen. Custom signatures have an SID from 9000000 to
9999999.
Search for, then activate the signature, configure what action to take when a packet matches it and
if it should generate a log or alert in a profile. Then bind the profile to a zone.
ZyWALL/USG Series User's Guide
464
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
