Chapter 34 IDP

 

Table 153 Configuration > Anti-X > IDP > Profile > Group View (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Action | To edit what action the ZyWALL takes when a packet matches a signature, select the signature and use the Action icon. |
| | none: Select this action on an individual signature or a complete service group to have the ZyWALL take no action when a packet matches the signature(s). |
| | drop: Select this action on an individual signature or a complete service group to have the ZyWALL silently drop a packet that matches the signature(s). Neither sender nor receiver is notified. |
| | reject-sender: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to the sender when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the ZyWALL will send an ICMP unreachable packet. |
| | reject-receiver: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to the receiver when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag. If it is an ICMP or UDP attack packet, the ZyWALL will do nothing. |
| | reject-both: Select this action on an individual signature or a complete service group to have the ZyWALL send a reset to both the sender and receiver when a packet matches the signature. If it is a TCP attack packet, the ZyWALL will send a packet with a ‘RST’ flag to the receiver and sender. If it is an ICMP or UDP attack packet, the ZyWALL will send an ICMP unreachable packet. |
| # | This is the entry’s index number in the list. |
| Status | The activate (light bulb) icon is lit when the entry is active and dimmed when the entry is inactive. |
| Service | Click the + sign next to a service group to expand it. A service group is a group of related IDP signatures. |
| Message | This is the name of the signature. |
| SID | This is the signature ID (identification) number that uniquely identifies a ZyWALL signature. |
| Severity | These are the severities as defined in the ZyWALL. The number in brackets is the number you use if using commands. |
| | Severe (5): These denote attacks that try to run arbitrary code or gain system privileges. |
| | High (4): These denote known serious vulnerabilities or attacks that are probably not false alarms. |
| | Medium (3): These denote medium threats, access control attacks or attacks that could be false alarms. |
| | Low (2): These denote mild threats or attacks that could be false alarms. |
| | Very Low (1): These denote possible attacks caused by traffic such as Ping, trace route, ICMP queries etc. |
| Policy Type | This is the attack type as defined on the ZyWALL. See Table 154 on page 574 for a description of each type. |

573

ZyWALL USG 2000 User’s Guide