Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Understanding IDP Protocol Anomaly-Based Attacks

    A protocol anomaly attack object detects unknown or sophisticated attacks that violate protocol specifications (RFCs and common RFC extensions). You cannot create new protocol anomalies, but you can configure a new attack object that controls how your device handles a predefined protocol anomaly when detected.

    The following properties are specific to protocol anomaly attacks:

    • Attack direction
    • Test condition

    When configuring protocol anomaly-based attacks, keep the following in mind:

    • The service or application binding is a mandatory field for protocol anomaly attacks. Besides the supported applications, services also include IP, TCP, UDP, ICMP, and RPC.
    • The attack direction and test condition properties are mandatory fields for configuring anomaly attack definitions.

    Published: 2012-06-29