7. Enter the destination IP Address and select the appropriate IP version checkbox. No network mask is required.
8. Click OK. The rule is displayed in the table.
9. Click Edit or Delete to change or delete existing rules.
10. Click Commit to add your changes to the policy being configured.
Examples
The following example shows the rules to log packets going to 10.100.100.255 or 10.100.100.0.
This example shows the rules to log ICMP Smurf attacks.
Configuring the Probe Detection Module
The parameters set with this module configure the way the Network Sensor tracks probing
activities that cannot be detected by rule-matching or protocol anomaly detection. The probe
detection module builds vast internal tables to keep track of the following factors:
• Number of destination hosts
• Number of destination ports
• Number of source hosts
• Time over which the packets were sent
The module provides configuration settings that control how the sensor collects information and
generates events under certain situations.
The Probe Detection module has two areas for configuration:
• The options in the Probe Detection Settings area configure the thresholds used by the Network Sensor when it performs port scan and port sweep analysis.
• The Port Ranges table is used to specify which port ranges you want the Network Sensor to consider when analyzing for port scans and sweeps.
Note: You can use the Probe Settings Tab (page 2-14) in the Application Filter Module to tell the sensor to ignore traffic from legitimate port scanning applications at specific IP addresses and ports.
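The following added example (not taken from the manual and not the Network Sensor's own implementation) sketches how threshold-based probe tracking of this kind works: it counts distinct destination ports and hosts per source inside a time window, limits analysis to configured port ranges, and skips an ignored scanner address. The threshold values, port ranges, names, and traffic are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed values for illustration; the manual does not list the product's defaults.
WINDOW_SECS = 60            # time over which packets are correlated
SCAN_PORTS = 5              # distinct ports on one host => port scan
SWEEP_HOSTS = 5             # distinct hosts on one port => port sweep
PORT_RANGES = [(1, 1024), (3389, 3389)]   # only these ports are analyzed
IGNORED_SOURCES = {"192.0.2.10"}          # constructed: sanctioned scanner

def in_ranges(port):
    return any(lo <= port <= hi for lo, hi in PORT_RANGES)

def detect_probes(packets):
    """packets: (timestamp, src, dst, dport) tuples in time order.
    Returns (kind, src, target) events, each reported once."""
    recent = defaultdict(list)   # src -> [(ts, dst, dport)] inside the window
    events = []
    for ts, src, dst, dport in packets:
        if src in IGNORED_SOURCES or not in_ranges(dport):
            continue
        hist = recent[src]
        hist.append((ts, dst, dport))
        hist[:] = [h for h in hist if ts - h[0] <= WINDOW_SECS]  # expire old entries
        ports_on_host = {p for _, d, p in hist if d == dst}
        hosts_on_port = {d for _, d, p in hist if p == dport}
        for kind, seen, limit, target in (
            ("scan", ports_on_host, SCAN_PORTS, dst),
            ("sweep", hosts_on_port, SWEEP_HOSTS, dport),
        ):
            event = (kind, src, target)
            if len(seen) >= limit and event not in events:
                events.append(event)
    return events

def sample_packets():
    """Constructed traffic: one scan, one sweep, and three sources that stay quiet."""
    pkts = []
    for i, port in enumerate([21, 22, 23, 25, 80]):
        pkts.append((i, "198.51.100.7", "10.0.0.5", port))          # fast scan
        pkts.append((i, "203.0.113.9", f"10.0.0.{i + 1}", 22))      # sweep of port 22
        pkts.append((i, "192.0.2.10", "10.0.0.5", port))            # ignored source
        pkts.append((i * 150, "198.51.100.20", "10.0.0.9", port))   # spread past window
        pkts.append((i, "198.51.100.30", "10.0.0.5", 8000 + i))     # outside port ranges
    return sorted(pkts)

if __name__ == "__main__":
    for event in detect_probes(sample_packets()):
        print(event)
```

Only the first two sources raise events; the other three show how the ignore list, the time window, and the port ranges each narrow what is reported.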
Creating Network Sensor Policies and Signatures 2-47