ZyXEL Communications ISG50 User Manual
Chapter 26 ADP
ISG50 User’s Guide
421
26.4 ADP Technical Reference
This section is divided into traffic anomaly background information and protocol anomaly
background information.
background information.
Traffic Anomaly Background Information
The following sections may help you configure the traffic anomaly profile screen (
Port Scanning
An attacker scans device(s) to determine what types of network protocols or services a device
supports. One of the most common port scanning tools in use today is Nmap.
supports. One of the most common port scanning tools in use today is Nmap.
Many connection attempts to different ports (services) may indicate a port scan. These are some
port scan types:
port scan types:
• TCP Portscan
• UDP Portscan
• IP Portscan
• UDP Portscan
• IP Portscan
An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the remote computer,
but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP (Interior Gateway
Protocol). Determining these additional protocols can help reveal if the destination device is a
workstation, a printer, or a router.
but also additional IP protocols such as EGP (Exterior Gateway Protocol) or IGP (Interior Gateway
Protocol). Determining these additional protocols can help reveal if the destination device is a
workstation, a printer, or a router.
Log
These are the log options. To edit this, select an item and use the Log icon.
Action
This is the action the ISG50 should take when a packet matches a rule. To edit this,
select an item and use the Action icon.
select an item and use the Action icon.
Log
Select whether to have the ISG50 generate a log (log), log and alert (log alert) or
neither (no) when traffic matches this anomaly rule. See
neither (no) when traffic matches this anomaly rule. See
for more on logs.
Action
Select what the ISG50 should do when a packet matches a rule.
none: The ISG50 takes no action when a packet matches the signature(s).
block: The ISG50 silently drops packets that matches the rule. Neither sender nor
receiver are notified.
receiver are notified.
OK
Click OK to save your settings to the ISG50, complete the profile and return to the
profile summary page.
profile summary page.
Cancel
Click Cancel to return to the profile summary page without saving any changes.
Save
Click Save to save the configuration to the ISG50 but remain in the same page.
You may then go to the another profile screen (tab) in order to complete the
profile. Click OK in the final profile screen to complete the profile.
You may then go to the another profile screen (tab) in order to complete the
profile. Click OK in the final profile screen to complete the profile.
Table 139
Configuration > ADP > Profile > Protocol Anomaly (continued)
LABEL
DESCRIPTION