ZyXEL Communications ZyXEL ZyWALL IDP 10 User Manual

ZyWALL IDP 10 User’s Guide

IDP Policies

Table 6-7 Configuring a User-defined IDP Policy

LABEL

DESCRIPTION

Type

Select whether the policy applies to IGMP types that match (Equal), don’t match (Not Equal), are greater than (>), or less than (<) the IGMP type you type in the text box that follows.

Packet Content

Packet Content parameters are for searching packet payloads. Do a traffic packet trace
when an attack occurs and then isolate the part of the trace that identifies the attack, so
you can paste the identifying portion into the following field(s) to identify the attack.

Matching Offset and Matching Depth apply to all strings. The order in which the strings are found doesn’t matter (that is, string 3 could be found before string 1 as long as it’s within the depth defined). String overlaps are also allowed. All strings must be found to constitute a match.

Matching Offset

Matching Offset defines the payload start point. If Protocol type is IP, then the matching starting point is at the end of the layer-3 header; otherwise, it starts matching from the end of the layer-4 header.

Matching Depth

Matching Depth is the length of the payload to search for a match.

Method

Choose from Case sensitive (upper case and lower case letters are considered different), Case insensitive (upper case and lower case letters are considered the same), URL string (a complete web site address), Hexadecimal (0-9 and a-f characters).

The URL string is case insensitive, can include the character ‘?’ and spaces and ignores character order. Therefore “/cgi-bin/foo.exe?p1=abc&p2=def” and “/cgi-bin/foo.exe?p2=def&p1=abc” are considered a match. Extra parameters in the payload don’t matter either. For example, a pattern “/cgi-bin/foo.exe?p1=abc&p2=def” would match a packet with URL string “/cgi-bin/foo.exe?p0=xyz&p1=abc&p2=def”.

Content 1~6

Type or paste the content (string or hexadecimal characters) into the corresponding content field(s).

Apply

Click this button to save your changes back to the ZyWALL.

Cancel

Click this button to close this screen without saving any changes.
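
The Packet Content rows of Table 6-7 describe the matching rules in prose. The sketch below is an added example (not ZyXEL code and not part of the User’s Guide) that models them in Python, so a candidate signature can be checked against a captured payload before it is entered in the policy screen. It assumes that Matching Depth is counted from Matching Offset and that a URL string matches when the path is the same and every pattern parameter is present; the function names and the SAMPLE payload are constructed for illustration.

```python
import re

def _url_match(window: bytes, pattern: str) -> bool:
    # Assumed reading of "URL string": case insensitive, same path, every
    # pattern parameter present in any order, extra parameters ignored.
    path, _, query = pattern.lower().partition("?")
    wanted = {p for p in query.split("&") if p}
    needle = path + "?" if wanted else path
    text = window.decode("latin-1").lower()
    start = text.find(needle)
    while start != -1:
        # The query runs from the end of the needle to the next whitespace.
        found_query = re.split(r"\s", text[start + len(needle):], maxsplit=1)[0]
        if wanted <= set(found_query.split("&")):
            return True
        start = text.find(needle, start + 1)
    return False

def policy_matches(payload: bytes, contents, offset: int = 0, depth=None) -> bool:
    """contents: up to six (method, pattern) pairs; method is one of
    'case', 'nocase', 'url', 'hex'. True only if every pattern is found."""
    if depth is None:
        depth = len(payload)
    # Assumption: Matching Depth is counted from Matching Offset.
    window = payload[offset:offset + depth]
    for method, pattern in contents:
        if method == "case":
            found = pattern.encode("latin-1") in window
        elif method == "nocase":
            found = pattern.lower().encode("latin-1") in window.lower()
        elif method == "hex":
            found = bytes.fromhex(pattern) in window
        elif method == "url":
            found = _url_match(window, pattern)
        else:
            raise ValueError(f"unknown method: {method}")
        if not found:      # all strings must be found
            return False
    return True            # independent searches: order and overlap are free

# Constructed layer-4 payload (an HTTP request), for illustration only.
SAMPLE = (b"GET /cgi-bin/foo.exe?p0=xyz&p1=abc&p2=def HTTP/1.1\r\n"
          b"Host: www.example.com\r\n\r\n")

if __name__ == "__main__":
    print(policy_matches(SAMPLE, [("url", "/cgi-bin/foo.exe?p2=def&p1=abc")]))
    print(policy_matches(SAMPLE, [("case", "foo.exe"), ("hex", "0d0a0d0a")], depth=20))
```

Running a signature against both attack traces and ordinary traffic samples shows whether the chosen offset and depth are too narrow to catch the attack or the strings too generic to avoid false positives.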