ZyXEL Communications 91-009-073003B 30.8.2 Custom Signature Example, 30.8.2.1 Understand the Vulnerability

Chapter 30 IDP

Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit (continued)

LABEL	DESCRIPTION
OK	Click this button to save your changes to the ZyWALL and return to
	the summary screen.

Cancel	Click this button to return to the summary screen without saving any
	changes.

30.8.2 Custom Signature Example

Before creating a custom signature, you must first clearly understand the vulnerability.

30.8.2.1 Understand the Vulnerability

Check the ZyWALL logs when the attack occurs. Use web sites such as Google or Security Focus to get as much information about the attack as you can. The more specific your signature, the less chance it will cause false positives.

As an example, say you want to check if your router is being overloaded with DNS queries so you create a signature to detect DNS query traffic.

506
506	ZyWALL USG 50 User’s Guide