Chapter 30 IDP

The following table describes the fields in this screen.

Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit

LABEL

DESCRIPTION

Name

Type the name of your custom signature. You may use 1-31

 

alphanumeric characters, underscores(_), or dashes (-), but the first

 

character cannot be a number. This value is case-sensitive.

 

Duplicate names can exist but it is advisable to use unique signature

 

names that give some hint as to intent of the signature and the type

 

of attack it is supposed to prevent. Refer to (but do not copy) the

 

packet inspection signature names for hints on creating a naming

 

convention.

 

 

Signature ID

A signature ID is automatically created when you click the Add icon

 

to create a new signature. You can edit the ID to create a new one (in

 

the 9000000 to 9999999 range), but you cannot use one that already

 

exists. You may want to do that if you want to order custom

 

signatures by SID.

 

 

Information

Use the following fields to set general information about the

 

signature as denoted below.

 

 

Severity

The severity level denotes how serious the intrusion is. Categorize

 

the seriousness of the intrusion here. See Table 145 on page 488 as a

 

reference.

 

 

Platform

Some intrusions target specific operating systems only. Select the

 

operating systems that the intrusion targets, that is, the operating

 

systems you want to protect from this intrusion. SGI refers to Silicon

 

Graphics Incorporated, who manufactures multi-user Unix

 

workstations that run the IRIX operating system (SGI's version of

 

UNIX). A router is an example of a network device.

 

 

Service

Select the IDP service group that the intrusion exploits or targets.

 

See Table 147 on page 491 for a list of IDP service groups. The

 

custom signature then appears in that group in the IDP > Profile >

 

Group View screen.

 

 

Policy Type

Categorize the type of intrusion here. See Table 146 on page 490 as

 

a reference.

 

 

Frequency

Recurring packets of the same type may indicate an attack. Use the

 

following field to indicate how many packets per how many seconds

 

constitute an intrusion

 

 

Threshold

Select Threshold and then type how many packets (that meet the

 

criteria in this signature) per how many seconds constitute an

 

intrusion.

 

 

Header Options

 

 

 

Network Protocol

Configure signatures for IP version 4.

 

 

Type Of Service

Type of service in an IP header is used to specify levels of speed and/

 

or reliability. Some intrusions use an invalid Type Of Service

 

number. Select the check box, then select Equal or Not-Equaland

 

then type in a number.

 

 

Identification

The identification field in a datagram uniquely identifies the

 

datagram. If a datagram is fragmented, it contains a value that

 

identifies the datagram to which the fragment belongs. Some

 

intrusions use an invalid Identification number. Select the check

 

box and then type in the invalid number that the intrusion uses.

 

 

502

 

ZyWALL USG 50 User’s Guide