Chapter 29 IDP
After you create your custom signature, it becomes available in the IDP service group category in the IDP > Profile > Packet Inspection screen. Custom signatures have an SID from 9000000 to 9999999.
You can activate the signature, configure what action to take when a packet matches it and if it should generate a log or alert in a profile. Then bind the profile to a zone.
Figure 336 Example: Custom Signature in IDP Profile
29.10.4 Verifying Custom SignaturesYou should configure the signature to create a log when an ‘attack packet’ matches the signature. (You may also want to configure an alert if the attack is more serious and needs more immediate attention.) After you apply the signature to a zone, you can see if it works by checking the logs (Maintenance > Logs > View Log).
All IDP signatures come under the IDP category. The Priority column shows warn for signatures that are configured to generate a log only. It shows critical for signatures that are configured to generate a log and alert. count is the number of attacks that occurred at that time. The Note column displays ACCESS FORWARD when no action is configured for the signature. It displays ACCESS DENIED if you configure the signature action to drop the packet. The destination port is the service port (NetBIOS in this case) that the attack tries to exploit.
442 |
| |
ZyWALL USG 1000 User’s Guide |
| |
|
|
|