[Contents] [Prev] [Next] [Index] [Report an Error]

Protocol or Port Bindings

Protocol or port bindings allow you to specify the protocol that an attack uses to enter your network. You can specify the name of the network protocol, or the protocol number.

Note: Specify either the service or the protocol binding in a custom attack. In case you specify both, the service binding takes precedence.

IP—You can specify any of the supported network layer protocols using protocol numbers. Table 100 lists protocol numbers for different protocols.

Table 100: Supported Protocols and Protocol Numbers

Protocol Name	Protocol Number
IGMP	2
IPIP	4
EGP	8
PUP	12
TP	29
IPV6	41
ROUTING	43
FRAGMENT	44
RSVP	46
GRE	47
ESP	50
AH	51
ICMPV6	58
NONE	59
DSTOPTS	60
MTP	92
ENCAP	98
PIM	103
COMP	108
RAW	255

ICMP, TCP, and UDP—Attacks that do not use a specific service might use specific ports to attack your network. Some TCP and UDP attacks use standard ports to enter your network and establish a connection.
RPC—The remote procedure call (RPC) protocol is used by distributed processing applications to handle interaction between processes remotely. When a client makes a remote procedure call to an RPC server, the server replies with a remote program; each remote program uses a different program number. To detect attacks that use RPC, configure the service binding as RPC and specify the RPC program ID.

Table 101 displays sample formats for key protocols.

Table 101: Sample Formats for Protocols

Protocol Name	Protocol Number	Description
ICMP	<Port>ICMP</Port>	Specify the protocol name.
IP	<Port>IP/protocol-number</Port>	Specify the Network Layer protocol number.
RPC	<Port>RPC/program-number</Port>	Specify the RPC program number.
TCP or UDP	<Port>TCP </Port> <Port>TCP/port </Port> <Port>TCP/minport-maxport </Port>	Specifying the port is optional for TCP and UDP protocols. For example, you can specify either of the following: <Port>UDP</Port> <Port>UDP/10</Port> <Port>UDP/10-100</Port>

[Contents] [Prev] [Next] [Index] [Report an Error]