Understanding IDP Custom Attack Objects Service Contexts

The service or application binding field specifies the service that the attack uses to enter your network.

Note:

Specify either the service or the protocol binding in a custom attack. If you specify both, the service binding takes precedence.

  • any—Specify any if you are unsure of the correct service and want to match the signature in all services. Because some attacks use multiple services to attack your network, you might want to select the any service binding to detect the attack regardless of which service the attack chooses for a connection.

  • service—Most attacks use a specific service to attack your network. You can select the specific service used to perpetrate the attack as the service binding.

    Table 1 displays supported services and default ports associated with the services.

    Table 1: Supported Services for Service Bindings

    | Service | Description | Default Port |
    |---|---|---|
    | aim | AOL Instant Messenger. America Online Internet service provider (ISP) provides Internet, chat, and instant messaging applications. | TCP/5190 |
    | bgp | Border Gateway Protocol | TCP/179 |
    | chargen | Character Generator Protocol is a UDP- or TCP-based debugging and measurement tool. | TCP/19, UDP/19 |
    | dhcp | Dynamic Host Configuration Protocol allocates network addresses and delivers configuration parameters from server to hosts. | UDP/67, UDP/68 |
    | discard | Discard protocol is an Application Layer protocol that describes a process for discarding TCP or UDP data sent to port 9. | TCP/9, UDP/9 |
    | dns | Domain Name System translates domain names into IP addresses. | TCP/53, UDP/53 |
    | echo | Echo | TCP/7, UDP/7 |
    | finger | Finger is a UNIX program that provides information about users. | TCP/79, UDP/79 |
    | ftp | File Transfer Protocol (FTP) allows the sending and receiving of files between machines. | TCP/21, UDP/21 |
    | gnutella | Gnutella is a public domain file sharing protocol that operates over a distributed network. | TCP/6346 |
    | gopher | Gopher organizes and displays Internet servers' contents as a hierarchically structured list of files. | TCP/70 |
    | h225ras | H.225.0/RAS (Registration, Admission, and Status) | UDP/1718, UDP/1719 |
    | http | HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW). | TCP/80, TCP/81, TCP/88, TCP/3128, TCP/7001 (Weblogic), TCP/8000, TCP/8001, TCP/8100 (JRun), TCP/8200 (JRun), TCP/8080, TCP/8888 (Oracle-9i), TCP/9080 (Websphere), UDP/80 |
    | icmp | Internet Control Message Protocol | |
    | ident | Identification protocol is a TCP/IP Application Layer protocol used for TCP client authentication. | TCP/113 |
    | ike | Internet Key Exchange protocol (IKE) is a protocol to obtain authenticated keying material for use with ISAKMP. | UDP/500 |
    | imap | Internet Message Access Protocol is used for retrieving messages. | TCP/143, UDP/143 |
    | irc | Internet Relay Chat (IRC) allows people connected to the Internet to join live discussions. | TCP/6667 |
    | ldap | Lightweight Directory Access Protocol is a set of protocols used to access information directories. | TCP/389 |
    | lpr | Line Printer Daemon protocol is a TCP-based protocol used for printing applications. | TCP/515 |
    | msn | Microsoft Network Messenger is a utility that allows you to send instant messages and talk online. | TCP/1863 |
    | msrpc | Microsoft Remote Procedure Call | TCP/135, UDP/135 |
    | mssql | Microsoft SQL is a proprietary database server tool that allows for the creation, access, modification, and protection of data. | TCP/1433, TCP/3306 |
    | mysql | MySQL is a database management system available for both Linux and Windows. | TCP/3306 |
    | nbds | NetBIOS Datagram Service application, published by IBM, provides connectionless (datagram) applications to PCs connected with a broadcast medium to locate resources, initiate sessions, and terminate sessions. It is unreliable and the packets are not sequenced. | UDP/137 (NBName), UDP/138 (NBDS) |
    | nfs | Network File System uses UDP to allow network users to access shared files stored on computers of different types. SUN RPC is a building block of NFS. | TCP/2049, UDP/2049 |
    | nntp | Network News Transport Protocol is a protocol used to post, distribute, and retrieve USENET messages. | TCP/119 |
    | ntp | Network Time Protocol provides a way for computers to synchronize to a time reference. | UDP/123 |
    | pop3 | Post Office Protocol is used for retrieving e-mail. | UDP/110, TCP/110 |
    | prtmapper | Service that runs on nodes on the Internet to map an ONC RPC program number to the network address of the server that listens for the program number. | TCP/111, UDP/111 |
    | radius | Remote Authentication Dial-In User Service application is a server program used for authentication and accounting purposes. | UDP/1812, UDP/1813 |
    | rexec | Rexec | TCP/512 |
    | rlogin | RLOGIN starts a terminal session on a remote host. | TCP/513 |
    | rsh | RSH executes a shell command on a remote host. | TCP/514 |
    | rtsp | Real-Time Streaming Protocol (RTSP) is for streaming media applications. | TCP/554 |
    | sip | Session Initiation Protocol (SIP) is an Application Layer control protocol for creating, modifying, and terminating sessions. | TCP/5060, UDP/5060 |
    | smb | Server Message Block (SMB) over IP is a protocol that allows you to read and write files to a server on a network. | TCP/139, TCP/445 |
    | smtp | Simple Mail Transfer Protocol is used to send messages between servers. | TCP/25, UDP/25 |
    | snmp | Simple Network Management Protocol is a set of protocols for managing complex networks. | TCP/161, UDP/161 |
    | snmptrap | SNMP trap | TCP/162, UDP/162 |
    | sqlmon | SQL monitor (Microsoft) | UDP/1434 |
    | ssh | SSH is a program to log into another computer over a network through strong authentication and secure communications on a channel that is not secure. | TCP/22, UDP/22 |
    | ssl | Secure Sockets Layer | TCP/443, TCP/80 |
    | syslog | Syslog is a UNIX program that sends messages to the system logger. | UDP/514 |
    | tlnet | Telnet is a UNIX program that provides a standard method of interfacing terminal routers and terminal-oriented processes to each other. | TCP/23, UDP/23 |
    | tns | Transparent Network Substrate | TCP/1521, TCP/1522, TCP/1523, TCP/1524, TCP/1525, TCP/1526, TCP/1527, TCP/1528, TCP/1529, TCP/1530, TCP/2481, TCP/1810, TCP/7778 |
    | tftp | Trivial File Transfer Protocol | UDP/69 |
    | vnc | Virtual Network Computing facilitates viewing and interacting with another computer or mobile router connected to the Internet. | TCP/5800, TCP/5900 |
    | whois | Network Directory Application Protocol is a way to look up domain names. | TCP/43 |
    | ymsg | Yahoo! Messenger is a utility that allows you to check when others are online, send instant messages, and talk online. | TCP/5050 |