ZyWALL 5/35/70 Series User’s Guide

11.3.3.2 Service ......................................................................... 217
11.3.3.3 Source Address ............................................................... 217
11.3.3.4 Destination Address ........................................................ 217
11.4 Connection Direction Examples ................................................. 217
11.4.1 LAN To WAN Rules .............................................................. 217
11.4.2 WAN To LAN Rules .............................................................. 218
11.5 Alerts ............................................................................ 218
11.6 Firewall Default Rule (Router Mode) ........................................... 219
11.7 Firewall Default Rule (Bridge Mode) ........................................... 220
11.8 Firewall Rule Summary ........................................................... 222
11.8.1 Firewall Edit Rule ............................................................ 223
11.9 Anti-Probing ...................................................................... 226
11.10 Firewall Threshold ............................................................. 227
11.10.1 Threshold Values ............................................................. 227
11.10.2 Half-Open Sessions ........................................................... 227
11.10.2.1 TCP Maximum Incomplete and Blocking Time ................................. 228
11.11 Service .......................................................................... 230
11.11.1 Firewall Edit Custom Service ................................................ 232
11.11.2 Predefined Services .......................................................... 233
11.12 Example Firewall Rule .......................................................... 235

Chapter 12
Intrusion Detection and Prevention (IDP) ............................................ 240
12.1 Introduction to IDP ............................................................. 240
12.1.1 Firewalls and Intrusions ...................................................... 240
12.1.2 IDS and IDP ..................................................................... 241
12.1.3 Host IDP ........................................................................ 241
12.1.4 Network IDP ..................................................................... 241
12.1.5 Example Intrusions ............................................................ 242
12.1.5.1 SQL Slammer Worm ............................................................ 242
12.1.5.2 Blaster W32.Worm ............................................................ 242
12.1.5.3 Nimda ......................................................................... 242
12.1.5.4 MyDoom ........................................................................ 243
12.1.6 ZyWALL IDP ...................................................................... 243

Chapter 13
Configuring IDP ........................................................................ 244
13.1 Overview .......................................................................... 244
13.1.1 Interfaces ...................................................................... 244
13.2 General Setup ..................................................................... 245
13.3 IDP Signatures .................................................................... 246
13.3.1 Attack Types .................................................................... 246
13.3.2 Intrusion Severity ............................................................. 248


Table of Contents