Chapter 20 IPS
USG FLEX H Series User’s Guide
309
IPS Service Groups
An IPS service group is a set of related packet inspection signatures.
20.2.1 Query Example
This example shows a search with these criteria:
•Severity: Severe
• Classification Type: Misc
• Platform: Windows
•Service: Any
•Actions: Any
Tunnel A Tunneling attack involves sending IPv6 traffic over IPv4, slipping viruses, worms and
spyware through the network using secret tunnels. This method infiltrates standard
security measures through IPv6 tunnels, passing through IPv4 undetected. An external
signal then triggers the malware to spring to life and wreak havoc from inside the
network.
Virus/Worm A computer virus is a small program designed to corrupt and/or alter the operation of
other legitimate programs. A worm is a program that is designed to copy itself from one
computer to another on a network. A worm’s uncontrolled replication consumes system
resources, thus slowing or stopping other tasks.
Web Attack Web attacks refer to attacks on web servers such as IIS (Internet Information Services).
File Transfer File transfer is a protocol to transfer files over the Internet. An attack may then occur if
you’re transferring files over an unsecured connection. Personal data stored in the files
uploaded can also be easily accessed by attackers if these files are not encrypted.
Table 154 IPS Service Groups
WEB_PHP WEB_MISC WEB_IIS WEB_FRONTPAGE
WEB_CGI WEB_ATTACKS TFTP TELNET
SQL SNMP SMTP RSERVICES
RPC POP3 POP2 P2P
ORACLE NNTP NETBIOS MYSQL
MISC_EXPLOIT MISC_DDOS MISC_BACKDOOR MISC
IMAP IM ICMP FTP
FINGER DNS n/a
Table 153 Policy Types (continued)
POLICY TYPE DESCRIPTION
To Next Page
Loading...
