ZyWALL 5/35/70 Series User’s Guide

To see signatures listed by intrusion type supported by the ZyWALL, select that type from the Attack Type list box.

Figure 113 Attack Types

The following table describes each attack type.

Table 77 Attack Types

TYPE

DESCRIPTION

 

 

DoS/DDoS

The goal of Denial of Service (DoS) attacks is not to steal information, but to

 

disable a device or network on the Internet. A distributed denial-of-service (DDoS)

 

attack is one in which multiple compromised systems attack a single target,

 

thereby causing denial of service for users of the targeted system.

Buffer Overflow

A buffer overflow occurs when a program or process tries to store more data in a

 

buffer (temporary data storage area) than it was intended to hold. The excess

 

information can overflow into adjacent buffers, corrupting or overwriting the valid

 

data held in them.

 

Intruders could run codes in the overflow buffer region to obtain control of the

 

system, install a backdoor or use the victim to launch attacks on other devices.

Access Control

Access control refers to procedures and controls that limit or detect access. Access

 

control is used typically to control user access to network resources such as

 

servers, directories, and files.

Scan

Scan refers to all port, IP or vulnerability scans. Hackers scan ports to find targets.

 

They may use a TCP connect() call, SYN scanning (half-open scanning), Nmap

 

etc. After a target has been found, a vulnerability scanner can be used to exploit

 

exposures.

Trojan Horse

A Trojan horse is a harmful program that’s hidden inside apparently harmless

 

programs or data. It could be used to steal information or remotely control a device.

P2P

Peer-to-peer (P2P) is where computing devices link directly to each other and can

 

directly initiate communication with each other; they do not need an intermediary. A

 

device can be both the client and the server. In the ZyWALL, P2P refers to peer-to-

 

peer applications such as eMule, eDonkey, BitTorrent, iMesh etc.

IM

IM (Instant Messaging) refers to chat applications. Chat is real-time communication

 

between two or more users via networks-connected computers. After you enter a

 

chat (or chat room), any member can type a message that will appear on the

 

monitors of all the other participants.

243

Chapter 13 Configuring IDP