Chapter 30 IDP

Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit (continued)

LABEL

DESCRIPTION

OK

Click this button to save your changes to the ZyWALL and return to

 

the summary screen.

 

 

Cancel

Click this button to return to the summary screen without saving any

 

changes.

 

 

30.8.2 Custom Signature Example

Before creating a custom signature, you must first clearly understand the vulnerability.

30.8.2.1 Understand the Vulnerability

Check the ZyWALL logs when the attack occurs. Use web sites such as Google or Security Focus to get as much information about the attack as you can. The more specific your signature, the less chance it will cause false positives.

As an example, say you want to check if your router is being overloaded with DNS queries so you create a signature to detect DNS query traffic.

506

 

ZyWALL USG 50 User’s Guide