ZyWALL ATP Series User’s Guide
533
CHAPTER 29
Botnet Filter
29.1 Overview
A botnet is a network consisting of computers that are infected with malware and remotely controlled.
The infected computers will contact and wait for instructions from a command and control (C&C)
server(s). An attacker can control the botnet by setting up a C&C server and sending commands to the
infected computers. Alternatively, a peer-to-peer network approach is used. The infected computer
scans and communicates with the peer devices in the same botnet to share commands or malware
sent by the C&C server.
The Zyxel Device’s botnet filtering service allows you to detect and block connection attempts to or
from the C&C server or known botnet IP addresses.
When you register for and enable the botnet filtering service, your Zyxel Device downloads signature
files that contain known botnet domain names and IP addresses. The Zyxel Device will also access an
external database that has millions of web sites categorized based on content. You can have the Zyxel
Device allow, block, block and/or log access to web sites or hosts based on these signatures and
categories.
29.1.1 What You Can Do in this Chapter
Use the Botnet Filter screen (Section 29.2 on page 533) to enable botnet filtering and specify what
action the Zyxel Device takes when any suspicious activity is detected.
29.2 Botnet Filter Screen
Click Configuration > Security Service > Botnet Filter to display the configuration screen as shown next.
Use this screen to enable botnet filtering and specify the action the Zyxel Device takes when it detects a
suspicious activity or a connection attempt to or from a botnet C&C server.
To Next Page
Loading...
