ZyXEL Communications ZyWall 110 User Manual page 504

30.3.2.1 Understand the Vulnerability
Check the ZyWALL/USG logs when the attack occurs. Use web sites such as Google or Security
Focus to get as much information about the attack as you can. The more specific your signature,
the less chance it will cause false positives.
As an example, say you want to check if your router is being overloaded with DNS queries so you
create a signature to detect DNS query traffic.
30.3.2.2 Analyze Packets
Use the packet capture screen and a packet analyzer (also known as a network or protocol
analyzer) such as Wireshark or Ethereal to investigate the traffic further.
Figure 338 DNS Query Packet Details
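
As an added illustration (not part of the ZyXEL manual), the Python below decodes the fields a packet analyzer shows for a DNS query and checks the ones that separate a query from other DNS traffic, which is the kind of detail that makes a signature specific. The sample payloads and function names are constructed for this example.

```python
import struct

# Constructed sample (not from the manual): UDP payload of a standard DNS
# query for "example.com", type A, as a packet analyzer would show it.
SAMPLE_QUERY = bytes.fromhex(
    "1a2b"                      # transaction ID, changes with every query
    "0100"                      # flags: QR=0 (query), opcode=0, RD=1
    "0001" "0000" "0000" "0000" # QDCOUNT=1, no answer/authority/additional
    "07" "6578616d706c65"       # label "example"
    "03" "636f6d" "00"          # label "com", then root terminator
    "0001" "0001"               # QTYPE=A, QCLASS=IN
)
# Same bytes with the response flags set (QR=1), for contrast.
SAMPLE_RESPONSE = SAMPLE_QUERY[:2] + b"\x81\x80" + SAMPLE_QUERY[4:]


def parse_dns_query(payload: bytes) -> dict:
    """Decode the DNS header and first question from a UDP payload."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("QNAME runs past the end of the payload")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(payload):
            raise ValueError("invalid or compressed label")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    return {"txid": txid, "is_query": flags >> 15 == 0,
            "opcode": (flags >> 11) & 0xF, "qdcount": qdcount,
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}


def is_standard_query(payload: bytes) -> bool:
    """True only for a well-formed query (QR=0) with opcode 0."""
    try:
        fields = parse_dns_query(payload)
    except ValueError:
        return False
    return fields["is_query"] and fields["opcode"] == 0
```

The transaction ID and query name vary from packet to packet, while the QR bit and opcode stay constant for every standard query.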
Chapter 30 IDP
ZyWALL/USG Series User's Guide
504
