IDP Custom Attack Objects Service Contexts
The service or application binding field specifies the service that the attack uses to enter your network.
Specify either the service binding or the protocol binding in a custom attack. If you specify both, the service binding takes precedence.
Understanding IDP Custom Attack Objects Service Contexts
any—Specify any if you are unsure of the correct service and want to match the signature in all services. Because some attacks use multiple services to attack your network, you might want to select the Any service binding to detect the attack regardless of which service the attack chooses for a connection.
service—Most attacks use a specific service to attack your network. You can select the specific service used to perpetrate the attack as the service binding.
Table 1 displays supported services and default ports associated with the services.
Table 1: Supported Services for Service Bindings
AOL Instant Messenger. America Online Internet service provider (ISP) provides Internet, chat, and instant messaging applications.
Border Gateway Protocol
Character Generator Protocol is a UDP- or TCP-based debugging and measurement tool.
Dynamic Host Configuration Protocol allocates network addresses and delivers configuration parameters from server to hosts.
Discard protocol is an Application Layer protocol that describes a process for discarding TCP or UDP data sent to port 9.
Domain Name System translates domain names into IP addresses.
Finger is a UNIX program that provides information about users.
File Transfer Protocol (FTP) allows the sending and receiving of files between machines.
Gnutella is a public domain file sharing protocol that operates over a distributed network.
Gopher organizes and displays Internet servers' contents as a hierarchically structured list of files.
H.225.0/RAS (Registration, Admission, and Status)
HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW). Default ports: TCP/80, TCP/81, TCP/88, TCP/3128, TCP/7001 (Weblogic), TCP/8000, TCP/8001, TCP/8100 (JRun), TCP/8200 (JRun), TCP/8080, TCP/8888 (Oracle-9i), TCP/9080 (Websphere), UDP/80
Internet Control Message Protocol
Identification protocol is a TCP/IP Application Layer protocol used for TCP client authentication.
Internet Key Exchange protocol (IKE) is a protocol to obtain authenticated keying material for use with ISAKMP.
Internet Message Access Protocol is used for retrieving messages.
Internet Relay Chat (IRC) allows people connected to the Internet to join live discussions.
Lightweight Directory Access Protocol is a set of protocols used to access information directories.
Line Printer Daemon protocol is a TCP-based protocol used for printing applications.
Microsoft Network Messenger is a utility that allows you to send instant messages and talk online.
Microsoft Remote Procedure Call
Microsoft SQL is a proprietary database server tool that allows for the creation, access, modification, and protection of data.
MySQL is a database management system available for both Linux and Windows.
NetBIOS Datagram Service application, published by IBM, provides connectionless (datagram) applications to PCs connected with a broadcast medium to locate resources, initiate sessions, and terminate sessions. It is unreliable and the packets are not sequenced. Default ports: UDP/137 (NBName), UDP/138 (NBDS)
Network File System uses UDP to allow network users to access shared files stored on computers of different types. SUN RPC is a building block of NFS.
Network News Transport Protocol is a protocol used to post, distribute, and retrieve USENET messages.
Network Time Protocol provides a way for computers to synchronize to a time reference.
Post Office Protocol is used for retrieving e-mail.
Service that runs on nodes on the Internet to map an ONC RPC program number to the network address of the server that listens for the program number.
Remote Authentication Dial-In User Service application is a server program used for authentication and accounting purposes.
RLOGIN starts a terminal session on a remote host.
RSH executes a shell command on a remote host.
Real-Time Streaming Protocol (RTSP) is for streaming media applications.
Session Initiation Protocol (SIP) is an Application Layer control protocol for creating, modifying, and terminating sessions.
Server Message Block (SMB) over IP is a protocol that allows you to read and write files to a server on a network.
Simple Mail Transfer Protocol is used to send messages between servers.
Simple Network Management Protocol is a set of protocols for managing complex networks.
SQL monitor (Microsoft)
SSH is a program to log into another computer over a network through strong authentication and secure communications on a channel that is not secure.
Secure Sockets Layer
Syslog is a UNIX program that sends messages to the system logger.
Telnet is a UNIX program that provides a standard method of interfacing terminal routers and terminal-oriented processes to each other.
Transparent Network Substrate. Default ports: TCP/1521, TCP/1522, TCP/1523, TCP/1524, TCP/1525, TCP/1526, TCP/1527, TCP/1528, TCP/1529, TCP/1530, TCP/2481, TCP/1810, TCP/7778
Trivial File Transfer Protocol
Virtual Network Computing facilitates viewing and interacting with another computer or mobile router connected to the Internet.
Network Directory Application Protocol is a way to look up domain names.
Yahoo! Messenger is a utility that allows you to check when others are online, send instant messages, and talk online.