ZyXEL Communications USG 2000 Manuale Utente
Chapter 34 IDP
ZyWALL USG 2000 User’s Guide
581
34.7 Introducing IDP Custom Signatures
Create custom signatures for new attacks or attacks peculiar to your network.
Custom signatures can also be saved to/from your computer so as to share with
others.
Custom signatures can also be saved to/from your computer so as to share with
others.
You need some knowledge of packet headers and attack types to create your own
custom signatures.
custom signatures.
34.7.1 IP Packet Header
These are the fields in an Internet Protocol (IP) version 4 packet header.
Figure 411 IP v4 Packet Headers
The header fields are discussed below:
Table 157 IP v4 Packet Headers
HEADER
DESCRIPTION
Version
The value 4 indicates IP version 4.
IHL
IP Header Length is the number of 32 bit words forming the total
length of the header (usually five).
length of the header (usually five).
Type of Service
The Type of Service, (also known as Differentiated Services Code
Point (DSCP)) is usually set to 0, but may indicate particular
quality of service needs from the network.
Point (DSCP)) is usually set to 0, but may indicate particular
quality of service needs from the network.
Total Length
This is the size of the datagram in bytes. It is the combined length
of the header and the data.
of the header and the data.
Identification
This is a 16-bit number, which together with the source address,
uniquely identifies this packet. It is used during reassembly of
fragmented datagrams.
uniquely identifies this packet. It is used during reassembly of
fragmented datagrams.
Flags
Flags are used to control whether routers are allowed to fragment
a packet and to indicate the parts of a packet to the receiver.
a packet and to indicate the parts of a packet to the receiver.
Fragment Offset
This is a byte count from the start of the original sent packet.