Idp Service Groups - ZyXEL Communications ZyWall 110 User Manual


Table 203 Policy Types (continued)

| POLICY TYPE | DESCRIPTION |
|---|---|
| Scan | A scan describes the action of searching a network for an exposed service. An attack may then occur once a vulnerability has been found. Scans occur on several network levels. A network scan occurs at layer-3. For example, an attacker looks for network devices such as a router or server running in an IP network. A scan on a protocol is commonly referred to as a layer-4 scan. For example, once an attacker has found a live end system, he looks for open ports. A scan on a service is commonly referred to as a layer-7 scan. For example, once an attacker has found an open port, say port 80 on a server, he determines that it is an HTTP service run by some web server application. He then uses a web vulnerability scanner (for example, Nikto) to look for documented vulnerabilities. |
| SPAM | Spam is unsolicited "junk" e-mail sent to large numbers of people to promote products or services. |
| Stream Media | A Stream Media attack occurs when a malicious network node downloads an overwhelming amount of media stream data that could potentially exhaust the entire system. This method allows users to send small request messages that result in the streaming of large media objects, providing an opportunity for malicious users to exhaust resources in the system with little effort expended on their part. |
| Tunnel | A Tunneling attack involves sending IPv6 traffic over IPv4, slipping viruses, worms and spyware through the network using secret tunnels. This method infiltrates standard security measures through IPv6 tunnels, passing through IPv4 undetected. An external signal then triggers the malware to spring to life and wreak havoc from inside the network. |
| Virus/Worm | A computer virus is a small program designed to corrupt and/or alter the operation of other legitimate programs. A worm is a program that is designed to copy itself from one computer to another on a network. A worm's uncontrolled replication consumes system resources, thus slowing or stopping other tasks. |
| Web Attack | Web attacks refer to attacks on web servers such as IIS (Internet Information Services). |

IDP Service Groups

An IDP service group is a set of related packet inspection signatures.
Table 204 IDP Service Groups
WEB_PHP        WEB_MISC       WEB_IIS          WEB_FRONTPAGE
WEB_CGI        WEB_ATTACKS    TFTP             TELNET
SQL            SNMP           SMTP             RSERVICES
RPC            POP3           POP2             P2P
ORACLE         NNTP           NETBIOS          MYSQL
MISC_EXPLOIT   MISC_DDOS      MISC_BACKDOOR    MISC
IMAP           IM             ICMP             FTP
FINGER         DNS            n/a

The n/a service group is for signatures that are not for a specific service.

Chapter 30 IDP, ZyWALL/USG Series User's Guide
