ZyWALL Series CLI Reference Guide
349
CHAPTER 42
IDP Commands
This chapter introduces IDP-related commands.
42.1 Overview
IDP (Intrusion Detection and Prevention) protects against network-based intrusions, by detecting
malicious or suspicious packets and responding instantaneously.
The IDP commands mostly mirror web configurator features. It is recommended you use the web
configurator for IDP features such as searching for web signatures, creating/editing an IDP profile or
creating/editing a custom signature. Some web configurator terms may differ from the command-line
equivalent.
Packet Inspection Signatures
A signature is a pattern of malicious or suspicious packet activity. You can specify an action to be taken
if the system matches a stream of data to a malicious signature. You can change the action in the
profile screens. Packet inspection examine OSI (Open System Interconnection) layer-4 to layer-7 packet
contents for malicious data. Generally, packet inspection signatures are created for known attacks
while anomaly detection looks for abnormal behavior.
Rate Based Signatures
Rate based signatures are IDP signatures that allow the Zyxel Device to just respond when a certain
number of malicious packets are identified within a specific time.
Figure 31 IDP Signatures Example
To Next Page
Loading...
