Table of Contents
Advertisement
Configuring the Transport Layer Module
This module defines logging actions for Transport Layer traffic.
This module has ten tabs, described in the following sections.
For information about...
General Settings Tab
General Settings Tab
The General Settings tab has two sub-tabs, Basic Settings and Advanced Settings. These settings
configure general Transport Layer logging and event generation options. For example, you can tell
the sensor to:
•
Log any TCP or UDP packet with a source or destination port of zero. Such packets may be the
result of NAT devices, busy DNS servers and a variety of hacker scanning and probing
attacks.
•
To verify the integrity of inbound TCP packets by calculating their checksum and comparing
it to the value in the packet. If a discrepancy is discovered, the packet is dropped. You can also
log such events.
•
To analyze all of the data in captured SYN packets for non-zero bytes and generate an event
when such packets are identified.
•
To look for any packet that has a zero length TCP option or a post EOL TCP option and
generate an event when such packets are identified.
•
To identify SYN attacks and generate an event.
Procedure
To configure the basic and advanced general settings:
1.
Click the Network Policy View icon and the Network Policies tab.
2.
Expand the tree by clicking the expansion symbols and select the custom policy name.
The modules for that policy are displayed in the tree.
3.
Click the Transport Layer Module in the tree.
Configuring the Transport Layer Module
Creating Network Sensor Policies and Signatures 2-91
Refer to page...
2-91
2-94
2-96
2-97
2-99
2-101
2-103
2-105
2-108
2-109
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?