Table of Contents
Advertisement
Configuring the Network Layer Module
General Settings Tab
The General Settings tab, with its Basic Settings and Advanced Settings sub-tabs, allow you to
configure the sensor to perform the desired action when any packet header contains certain
anomalous values. The Advanced Settings tab also allows you to configure certain fragment
rebuilding parameters.
Procedure
To configure the basic and advanced general settings:
1.
Click the Network Policy View icon, and then the Network Policies tab.
2.
Expand the tree by clicking on the expansion symbol, and then select the custom policy name.
The modules for that policy are displayed in the tree.
3.
Click the Network Layer Module in the tree.
4.
Click the General Settings tab.
5.
Click the Basic Settings tab.
6.
You must select the Enable Network Layer Analysis option to enable Network Layer
Analysis. This option is enabled by default.
7.
Selecting Enable Debugging tells the sensor to output the current status of the network layer
fragment reassembly algorithm and how it is rebuilding fragmented traffic. Do not enable this
option unless told to do so by Enterasys Technical Support.
8.
Selecting Check IP Options for Zero Length or EOL tells the sensor to look for any packets
with IP options of zero length or post EOL (End Of Line) IP options. This option is selected by
default.
There are non-compliant IP stacks in existence that make a variety of violations in normal
everyday traffic. This means that this setting may result in many false positives. Some denial
of service attacks exist for network devices that simply consist of post EOL IP options.
2-34 Creating Network Sensor Policies
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?