ZyXEL Communications 5 Series - Intrusion Severity; Signature Actions; Table 79 SECURITY > IDP > Signature: Intrusion Severity; Table 80 SECURITY > IDP

To Next Page

To Previous Page

Chapter 14 Intrusion Detection and Prevention (IDP) Screens

ZyWALL 5/35/70 Series User’s Guide

282

14.3.2 Intrusion Severity

Intrusions are assigned a severity level based on the following table. The intrusion severity

level then determines the default signature action.

14.3.3 Signature Actions

You can enable/disable individual signatures. You can log and/or have an alert sent when

traffic meets a signature criteria. You can also change the default action to be taken when a

packet or stream matches a signature. The following figure and table describes these actions.

Note that in addition to these actions, a log may be generated or an alert sent, if those check

boxes are selected and the signature is enabled.

Web Attack Web attack signatures refer to attacks on web servers such as IIS (Internet

Information Services).

SPAM Spam is unsolicited "junk" e-mail sent to large numbers of people to promote

products or services. Refer to the anti-spam chapter for more detailed information.

Other This category refers to signatures for attacks that do not fall into the previously

mentioned categories.

Table 78 SECURITY > IDP > Signature: Attack Types (continued)

TYPE DESCRIPTION

Table 79 SECURITY > IDP > Signature: Intrusion Severity

SEVERITY DESCRIPTION

Severe These are intrusions that try to run arbitrary code or gain system privileges.

High These are known serious vulnerabilities or intrusions that are probably not false

alarms.

Medium These are medium threats, access control intrusions or intrusions that could be false

alarms.

Low These are mild threats or intrusions that could be false alarms.

Very Low These are possible intrusions caused by traffic such as Ping, trace route, ICMP

queries etc.

Table 80 SECURITY > IDP > Signature: Actions

ACTION DESCRIPTION

No Action The intrusion is detected but no action is taken.

Drop Packet The packet is silently discarded.

Drop Session When the firewall is enabled, subsequent TCP/IP packets belonging to the

same connection are dropped. Neither sender nor receiver are sent TCP RST

packets. If the firewall is not enabled only the packet that matched the

signature is dropped.

Reset Sender When the firewall is enabled, the TCP/IP connection is silently torn down. Just

the sender is sent TCP RST packets. If the firewall is not enabled only the

packet that matched the signature is dropped.

Reset Receiver When the firewall is enabled, the TCP/IP connection is silently torn down. Just

the receiver is sent TCP RST packets. If the firewall is not enabled only the

packet that matched the signature is dropped.

Reset Both When the firewall is enabled, the TCP/IP connection is silently torn down. Both

sender and receiver are sent TCP RST packets. If the firewall is not enabled

only the packet that matched the signature is dropped.

Main Page

ZyXEL Communications 5 Series - Intrusion Severity; Signature Actions; Table 79 SECURITY > IDP > Signature: Intrusion Severity; Table 80 SECURITY > IDP > Signature: Actions

Table of Contents

Related product manuals