Filter
Top Products
Chapter 30 IDP
ZyWALL USG 50 User’s Guide
504
Flow If selected, the signature only applies to certain directions of the
traffic flow and only to clients or servers. Select Flow and then select
the identifying options.
Established: The signature only checks for established TCP
connections
Stateless: The signature is triggered regardless of the state of the
stream processor (this is useful for packets that are designed to
cause devices to crash)
To Client: The signature only checks for server responses from A to
B.
To Server: The signature only checks for client requests from B to A.
From Client:.The signature only checks for client requests from B to
A.
From Servers: The signature only checks for server responses from
A to B.
No Stream: The signature does not check rebuilt stream packets.
Only Stream: The signature only checks rebuilt stream packets.
Flags Select what TCP flag bits the signature should check.
Sequence
Number
Use this field to check for a specific TCP sequence number.
Ack Number Use this field to check for a specific TCP acknowledgement number.
Window Size Use this field to check for a specific TCP window size.
Transport
Protocol: UDP
Port Select the check box and then enter the source and destination UDP
port numbers that will trigger this signature.
Transport
Protocol: ICMP
Type Use this field to check for a specific ICMP type value.
Code Use this field to check for a specific ICMP code value.
ID Use this field to check for a specific ICMP ID value. This is useful for
covert channel programs that use static ICMP fields when they
communicate.
Sequence
Number
Use this field to check for a specific ICMP sequence number. This is
useful for covert channel programs that use static ICMP fields when
they communicate.
Payload Options The longer a payload option is, the more exact the match, the faster
the signature processing. Therefore, if possible, it is recommended to
have at least one payload option in your signature.
Table 151 Configuration > Anti-X > IDP > Custom Signatures > Add/Edit (continued)
LABEL DESCRIPTION