ZyXEL Communications ISG50 Network Router User Manual


 
Chapter 26 ADP
ISG50 User’s Guide
26.4 ADP Technical Reference
This section is divided into traffic anomaly background information and protocol anomaly
background information.
Traffic Anomaly Background Information
The following sections may help you configure the traffic anomaly profile screen (Section 26.3.4 on
page 415).
Port Scanning
An attacker scans device(s) to determine what types of network protocols or services a device
supports. One of the most common port scanning tools in use today is Nmap.
Many connection attempts to different ports (services) may indicate a port scan. These are some
port scan types:
TCP Portscan
UDP Portscan
IP Portscan
An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the remote computer,
but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP (Interior Gateway
Protocol). Determining these additional protocols can help reveal if the destination device is a
workstation, a printer, or a router.
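The three scan types above can be told apart in flow records by what varies per source: many distinct TCP ports, many distinct UDP ports, or many distinct IP protocol numbers. The following is an added example, not ZyXEL code or the ISG50's actual detection logic; the flow records are constructed, and the window length and thresholds are illustrative assumptions.

```python
from collections import defaultdict

TCP, UDP = 6, 17  # IANA IP protocol numbers

# Constructed flow records: (time_s, src, dst, ip_protocol, dst_port or None)
SAMPLE_FLOWS = (
    [(i * 0.1, "198.51.100.7", "192.0.2.10", TCP, 20 + i) for i in range(30)]
    + [(5 + i * 0.2, "198.51.100.9", "192.0.2.10", UDP, 1000 + i) for i in range(25)]
    + [(i * 0.5, "198.51.100.11", "192.0.2.20", proto, None) for i, proto in enumerate(range(1, 16))]
    + [(i * 2.0, "203.0.113.5", "192.0.2.10", TCP, 443) for i in range(40)]
)


def detect_scans(flows, window_s=10.0, port_threshold=20, proto_threshold=10):
    """Map (src, dst) to the scan types seen within any sliding time window.

    Thresholds are illustrative assumptions, not ISG50 defaults.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, proto, port in flows:
        by_pair[(src, dst)].append((ts, proto, port))

    findings = {}
    for pair, events in by_pair.items():
        events.sort(key=lambda e: e[0])
        start, kinds = 0, set()
        for end in range(len(events)):
            # Shrink the window until it spans at most window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            window = events[start:end + 1]
            tcp_ports = {p for _, pr, p in window if pr == TCP and p is not None}
            udp_ports = {p for _, pr, p in window if pr == UDP and p is not None}
            protocols = {pr for _, pr, _ in window}
            if len(tcp_ports) >= port_threshold:
                kinds.add("TCP Portscan")
            if len(udp_ports) >= port_threshold:
                kinds.add("UDP Portscan")
            if len(protocols) >= proto_threshold:
                kinds.add("IP Portscan")
        if kinds:
            findings[pair] = kinds
    return findings


if __name__ == "__main__":
    for (src, dst), kinds in sorted(detect_scans(SAMPLE_FLOWS).items()):
        print(f"{src} -> {dst}: {', '.join(sorted(kinds))}")
```

The fourth constructed source makes 40 connections to a single port and is not flagged, which shows that the signal is the spread of ports or protocols rather than the connection count.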
Table 139 Configuration > ADP > Profile > Protocol Anomaly (continued)
LABEL    DESCRIPTION
Log      These are the log options. To edit this, select an item and use the Log icon.
Action   This is the action the ISG50 should take when a packet matches a rule. To edit this, select an item and use the Action icon.
Log      Select whether to have the ISG50 generate a log (log), log and alert (log alert) or neither (no) when traffic matches this anomaly rule. See Chapter 53 on page 705 for more on logs.
Action   Select what the ISG50 should do when a packet matches a rule.
         none: The ISG50 takes no action when a packet matches the signature(s).
         block: The ISG50 silently drops packets that match the rule. Neither sender nor receiver is notified.
OK       Click OK to save your settings to the ISG50, complete the profile and return to the profile summary page.
Cancel   Click Cancel to return to the profile summary page without saving any changes.
Save     Click Save to save the configuration to the ISG50 but remain in the same page. You may then go to another profile screen (tab) in order to complete the profile. Click OK in the final profile screen to complete the profile.