Chapter 30 IDP
ZyWALL USG 50 User’s Guide
502
The following table describes the fields in this screen.
Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit
LABEL DESCRIPTION
Name Type the name of your custom signature. You may use 1-31
alphanumeric characters, underscores(_), or dashes (-), but the first
character cannot be a number. This value is case-sensitive.
Duplicate names can exist but it is advisable to use unique signature
names that give some hint as to intent of the signature and the type
of attack it is supposed to prevent. Refer to (but do not copy) the
packet inspection signature names for hints on creating a naming
convention.
Signature ID A signature ID is automatically created when you click the Add icon
to create a new signature. You can edit the ID to create a new one (in
the 9000000 to 9999999 range), but you cannot use one that already
exists. You may want to do that if you want to order custom
signatures by SID.
Information Use the following fields to set general information about the
signature as denoted below.
Severity The severity level denotes how serious the intrusion is. Categorize
the seriousness of the intrusion here. See Table 145 on page 488 as a
reference.
Platform Some intrusions target specific operating systems only. Select the
operating systems that the intrusion targets, that is, the operating
systems you want to protect from this intrusion. SGI refers to Silicon
Graphics Incorporated, who manufactures multi-user Unix
workstations that run the IRIX operating system (SGI's version of
UNIX). A router is an example of a network device.
Service Select the IDP service group that the intrusion exploits or targets.
See Table 147 on page 491 for a list of IDP service groups. The
custom signature then appears in that group in the IDP > Profile >
Group View screen.
Policy Type Categorize the type of intrusion here. See Table 146 on page 490 as
a reference.
Frequency Recurring packets of the same type may indicate an attack. Use the
following field to indicate how many packets per how many seconds
constitute an intrusion
Threshold Select Threshold and then type how many packets (that meet the
criteria in this signature) per how many seconds constitute an
intrusion.
Header Options
Network Protocol Configure signatures for IP version 4.
Type Of Service Type of service in an IP header is used to specify levels of speed and/
or reliability. Some intrusions use an invalid Type Of Service
number. Select the check box, then select Equal or Not-Equal and
then type in a number.
Identification The identification field in a datagram uniquely identifies the
datagram. If a datagram is fragmented, it contains a value that
identifies the datagram to which the fragment belongs. Some
intrusions use an invalid Identification number. Select the check
box and then type in the invalid number that the intrusion uses.
