Chapter 30 IDP

Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Fragmentation | A fragmentation flag identifies whether the IP datagram should be fragmented, not fragmented or is a reserved bit. Some intrusions can be identified by this flag. Select the check box and then select the flag that the intrusion uses. |
| Fragmentation Offset | When an IP datagram is fragmented, it is reassembled at the final destination. The fragmentation offset identifies where the fragment belongs in a set of fragments. Some intrusions use an invalid Fragmentation Offset number. Select the check box, select Equal, Smaller or Greater and then type in a number. |
| Time to Live | Time to Live is a counter that decrements every time it passes through a router. When it reaches zero, the datagram is discarded. Usually it’s used to set an upper limit on the number of routers a datagram can pass through. Some intrusions can be identified by the number in this field. Select the check box, select Equal, Smaller or Greater and then type in a number. |
| IP Options | IP options is a variable-length list of IP options for a datagram that define IP Security Option, IP Stream Identifier, (security and handling restrictions for the military), Record Route (have each router record its IP address), Loose Source Routing (specifies a list of IP addresses that must be traversed by the datagram), Strict Source Routing (specifies a list of IP addresses that must ONLY be traversed by the datagram), Timestamp (have each router record its IP address and time), End of IP List and No IP Options. IP Options can help identify some intrusions. Select the check box, then select an item from the list box that the intrusion uses. |
| Same IP | Select the check box for the signature to check for packets that have the same source and destination IP addresses. |
| Transport Protocol | The following fields vary depending on whether you choose TCP, UDP or ICMP. |
| Transport Protocol: TCP | |
| Port | Select the check box and then enter the source and destination TCP port numbers that will trigger this signature. |
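
To make the IP header conditions in this table concrete, the following Python sketch parses an IPv4 header and evaluates the same conditions: fragmentation flag, fragmentation offset and Time to Live with Equal/Smaller/Greater, IP option, and Same IP. It is an added example, not ZyXEL code or the ZyWALL signature engine. The names `parse_ipv4` and `matches`, the signature dictionary keys and the flag names are assumptions, and both sample headers are constructed.

```python
import operator
import struct

# RFC 791 option type bytes for the option names listed in the table.
IP_OPTIONS = {0: "End of IP List", 7: "Record Route", 68: "Timestamp",
              130: "IP Security Option", 131: "Loose Source Routing",
              136: "IP Stream Identifier", 137: "Strict Source Routing"}
# Masks within the 16-bit flags/offset word; the flag names are this example's own.
FLAGS = {0x8000: "Reserved", 0x4000: "Don't Fragment", 0x2000: "More Fragments"}
COMPARE = {"Equal": operator.eq, "Smaller": operator.lt, "Greater": operator.gt}
# Constructed sample headers (checksums zeroed), not captured traffic.
ODD = bytes.fromhex("4700001c000020b901060000c000020ac000020a830704c633640700")
NORMAL = bytes.fromhex("450000140000400040060000c000020ac6336407")

def parse_ipv4(packet: bytes) -> dict:
    """Extract the IPv4 header fields that the signature conditions refer to."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if not 20 <= ihl <= len(packet):
        raise ValueError("bad header length")
    word = struct.unpack("!H", packet[6:8])[0]
    options, i = [], 20
    while i < ihl:
        kind = packet[i]
        if kind == 1:            # No-Operation padding is a single byte
            i += 1
            continue
        options.append(IP_OPTIONS.get(kind, f"unknown({kind})"))
        if kind == 0 or i + 1 >= ihl or packet[i + 1] < 2:
            break                # end of list, or malformed length: stop parsing
        i += packet[i + 1]
    return {"flags": [name for bit, name in FLAGS.items() if word & bit],
            "frag_offset": word & 0x1FFF,   # counted in 8-byte units
            "ttl": packet[8], "options": options,
            "src": packet[12:16], "dst": packet[16:20]}

def matches(sig: dict, packet: bytes) -> bool:
    """True when every condition present in sig holds; absent keys are unchecked."""
    h = parse_ipv4(packet)
    checks = [COMPARE[sig[k][0]](h[k], sig[k][1])
              for k in ("frag_offset", "ttl") if k in sig]
    if "flag" in sig:
        checks.append(sig["flag"] in h["flags"])
    if "ip_option" in sig:
        checks.append(sig["ip_option"] in h["options"])
    if sig.get("same_ip"):
        checks.append(h["src"] == h["dst"])
    return all(checks)
```

`ODD` has identical source and destination addresses, a Time to Live of 1, the more-fragments bit with offset 185 and a Loose Source Routing option, so it satisfies conditions that `NORMAL` does not.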

 

 

 


ZyWALL USG 50 User’s Guide