29 ADP

29.1 Overview

This chapter introduces ADP (Anomaly Detection and Prevention), anomaly profiles and applying an ADP profile to a traffic direction. ADP protects against anomalies based on violations of protocol standards (RFCs – Requests for Comments) and abnormal flows such as port scans.

29.1.1 ADP

1. ADP anomaly detection is in general effective against abnormal behavior.

2. ADP traffic and anomaly rules are updated when you upload new firmware.

29.1.2 What You Can Do in this Chapter

Use Anti-X > ADP > General (Section 29.2 on page 469) to turn anomaly detection on or off and apply anomaly profiles to traffic directions.

Use Anti-X > ADP > Profile (Section 29.3 on page 470) to add a new profile, edit an existing profile or delete an existing profile.

29.1.3 What You Need To Know

Traffic Anomalies

Traffic anomaly rules look for abnormal behavior or events such as port scanning, sweeping or network flooding. They operate at OSI layer-2 and layer-3. Traffic anomaly rules may be updated when you upload new firmware.
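The three traffic anomalies named above can be told apart by what a single source varies within a time window. The following is an added example, not the ZyWALL's own detection logic; the thresholds, window length, function name and sample events are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (time_s, src_ip, dst_ip, dst_port). Not real traffic.
SAMPLE_EVENTS = (
    [(0.1 * i, "10.0.0.5", "192.168.1.10", 20 + i) for i in range(30)]      # one host, many ports
    + [(0.1 * i, "10.0.0.6", f"192.168.1.{i + 1}", 22) for i in range(30)]  # many hosts, one port
    + [(0.01 * i, "10.0.0.7", "192.168.1.20", 80) for i in range(500)]      # high rate, one target
    + [(1.0 * i, "10.0.0.8", "192.168.1.30", 443) for i in range(5)]        # ordinary client
)

# Assumed thresholds per window; a real device ships its own tuned values.
WINDOW_S = 10.0
PORT_THRESHOLD = 20    # distinct ports on one host
HOST_THRESHOLD = 20    # distinct hosts on one port
FLOOD_THRESHOLD = 300  # packets to one host


def detect_traffic_anomalies(events, window=WINDOW_S):
    """Return {src_ip: set of anomaly labels} using fixed time windows."""
    ports = defaultdict(set)    # (window, src, dst) -> distinct destination ports
    hosts = defaultdict(set)    # (window, src, port) -> distinct destination hosts
    packets = defaultdict(int)  # (window, src, dst) -> packet count
    for t, src, dst, dport in events:
        w = int(t // window)
        ports[(w, src, dst)].add(dport)
        hosts[(w, src, dport)].add(dst)
        packets[(w, src, dst)] += 1

    findings = defaultdict(set)
    for (_, src, _), seen in ports.items():
        if len(seen) >= PORT_THRESHOLD:
            findings[src].add("port_scan")
    for (_, src, _), seen in hosts.items():
        if len(seen) >= HOST_THRESHOLD:
            findings[src].add("sweep")
    for (_, src, _), count in packets.items():
        if count >= FLOOD_THRESHOLD:
            findings[src].add("flood")
    return dict(findings)


if __name__ == "__main__":
    for src, labels in sorted(detect_traffic_anomalies(SAMPLE_EVENTS).items()):
        print(src, sorted(labels))
```

Thresholds set too low flag ordinary clients, and thresholds set too high let slow scans spread across windows pass unnoticed.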

Protocol Anomalies

Protocol anomalies are packets that do not comply with the relevant RFC (Request For Comments). Protocol anomaly detection includes HTTP Inspection, TCP Decoder, UDP Decoder and ICMP Decoder. Protocol anomaly rules may be updated when you upload new firmware.

 


ZyWALL USG 20/20W User’s Guide