Idp Custom Signatures - ZyXEL Communications ZYWALL USG CLI Reference Manual

Zld-based

The following table lists the numeric values that the command line uses for each service and action. To combine services in a search, add their respective numbers together. For example, to search for signatures for the DNS, Finger and FTP services, type "7" as the service parameter.
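The additive values described above form a bit mask, so a service number can be built from names or taken apart again when reviewing a saved search command. The following Python code is an added example, not part of the ZyXEL manual: the function names are hypothetical, the name and number pairs are copied from Table 94, and the sample command is constructed.

```python
"""Encode and decode the additive service values from Table 94 (added example)."""

# Bit position i carries the value 2**i; names copied from Table 94.
SERVICES = [
    "DNS", "FINGER", "FTP", "MYSQL", "ICMP", "IM", "IMAP", "MISC",
    "NETBIOS", "NNTP", "ORACLE", "P2P", "POP2", "POP3", "RPC", "RSERVICES",
    "SMTP", "SNMP", "SQL", "TELNET", "TFTP", None,  # 2097152 is listed as "n/a"
    "WEB_ATTACKS", "WEB_CGI", "WEB_FRONTPAGE", "WEB_IIS", "WEB_MISC",
    "WEB_PHP", "MISC_BACKDOOR", "MISC_DDOS", "MISC_EXPLOIT",
]
# The page describes adding values only for services, so actions are looked up singly.
ACTIONS = {1: "None", 2: "Drop", 4: "Reject-sender", 8: "Reject-receiver", 16: "Reject-both"}


def encode_services(names):
    """Return the number to type as the service parameter for the given names."""
    value = 0
    for name in names:
        key = name.upper()
        if key not in SERVICES:
            raise ValueError(f"unknown service: {name!r}")
        value |= 1 << SERVICES.index(key)
    return value


def decode_services(value):
    """Return the service names in a service value, rejecting unassigned bits."""
    if value <= 0:
        raise ValueError("service value must be a positive integer")
    names = []
    for bit in range(value.bit_length()):
        if value & (1 << bit):
            if bit >= len(SERVICES) or SERVICES[bit] is None:
                raise ValueError(f"{1 << bit} is not an assigned service value")
            names.append(SERVICES[bit])
    return names


def describe_search(command):
    """Decode the service and action numbers found in an 'idp search' command."""
    words = command.split()
    fields = {words[i]: words[i + 1] for i in range(len(words) - 1)}
    return {
        "services": decode_services(int(fields["service"])),
        "action": ACTIONS[int(fields["action"])],
    }


# Constructed sample using the parameter layout of the page's search example.
SAMPLE = 'idp search signature LAN_IDP name "worm" sid 12345 service 7 action 2'
```

Decoding rejects 2097152 and anything above 1073741824, because Table 94 assigns no service to those values.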
Table 94 Service and Action Command Values

SERVICE
1 = DNS
2 = FINGER
4 = FTP
8 = MYSQL
16 = ICMP
32 = IM
64 = IMAP
128 = MISC
256 = NETBIOS
512 = NNTP
1024 = ORACLE
2048 = P2P
4096 = POP2
8192 = POP3
16384 = RPC
32768 = RSERVICES
65536 = SMTP
131072 = SNMP
262144 = SQL
524288 = TELNET
1048576 = TFTP
2097152 = n/a
4194304 = WEB_ATTACKS
8388608 = WEB_CGI
16777216 = WEB_FRONTPAGE
33554432 = WEB_IIS
67108864 = WEB_MISC
134217728 = WEB_PHP
268435456 = MISC_BACKDOOR
536870912 = MISC_DDOS
1073741824 = MISC_EXPLOIT

ACTION
1 = None
2 = Drop
4 = Reject-sender
8 = Reject-receiver
16 = Reject-both

20.3.6.2 Signature Search Example

This example command searches the LAN_IDP profile for all signatures that:
• Contain the text "worm" within the signature name
• Have an ID of 12345
• Have a very low severity level
• Operate on the Windows NT platform
• Are a scan policy type, DNS service
• Are enabled
• Generate logs.

Router# configure terminal
Router(config)#
Router(config)# idp search signature LAN_IDP name "worm" sid 12345 severity 1 platform 4 policytype 4 service 1 activate yes log log action 2

20.4 IDP Custom Signatures

Use these commands to create a new signature or edit an existing one.
It is recommended that you create or edit signatures in the web configurator
Anti-X > IDP > Custom Signatures screen.

ZyWALL (ZLD) CLI Reference Guide
Chapter 20 IDP Commands
