IDP Custom Attack Objects Service Contexts
You can create and manage your own custom attack objects in the IDP system. These objects are tailored to your specific security needs and can be used to detect and prevent unique or emerging threats that are not covered by the default attack objects provided by the vendor.
Service contexts are the specific conditions or criteria under which the custom attack objects are triggered. These contexts might include various network parameters, traffic types, application behaviors, or any other relevant criteria that can be used to detect anomalous or malicious activities.
Custom attack objects provide the flexibility to address specific threats and compliance requirements, offering a proactive defense against emerging and unique security challenges.
The service or application binding field specifies the service that the attack uses to enter your network.
Specify either the service binding or the protocol binding in a custom attack. If you specify both, the service binding takes precedence.
- any: Specify any if you are unsure of the correct service and want to match the signature in all services. Because some attacks use multiple services to attack your network, you might want to select the any service binding to detect the attack regardless of which service the attack chooses for a connection.
- service: Most attacks use a specific service to attack your network. You can select the specific service used to perpetrate the attack as the service binding. Table 1 displays the supported services and the default ports associated with them.
Table 1: Supported Services for Service Bindings

| Service | Description | Default Port |
|---|---|---|
| aim | AOL Instant Messenger. America Online (ISP) provides Internet, chat, and instant messaging applications. | TCP/5190 |
| bgp | Border Gateway Protocol | TCP/179 |
| chargen | Character Generator Protocol is a UDP- or TCP-based debugging and measurement tool. | TCP/19, UDP/19 |
| dhcp | DHCP allocates network addresses and delivers configuration parameters from server to hosts. | UDP/67, UDP/68 |
| discard | Discard protocol is an Application Layer protocol that describes a process for discarding TCP or UDP data sent to port 9. | TCP/9, UDP/9 |
| dns | DNS translates domain names into IP addresses. | TCP/53, UDP/53 |
| echo | Echo | TCP/7, UDP/7 |
| finger | Finger is a UNIX program that provides information about users. | TCP/79, UDP/79 |
| ftp | FTP allows the sending and receiving of files between machines. | TCP/21, UDP/21 |
| gnutella | Gnutella is a public domain file sharing protocol that operates over a distributed network. | TCP/6346 |
| gopher | Gopher organizes and displays Internet servers' contents as a hierarchically structured list of files. | TCP/70 |
| h225ras | H.225.0/RAS (Registration, Admission, and Status) | UDP/1718, UDP/1719 |
| http | HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW). | TCP/80, TCP/81, TCP/88, TCP/3128, TCP/7001 (Weblogic), TCP/8000, TCP/8001, TCP/8100 (JRun), TCP/8200 (JRun), TCP/8080, TCP/8888 (Oracle-9i), TCP/9080 (Websphere), UDP/80 |
| icmp | Internet Control Message Protocol | |
| ident | Identification protocol is a TCP/IP Application Layer protocol used for TCP client authentication. | TCP/113 |
| ike | Internet Key Exchange protocol (IKE) is a protocol to obtain authenticated keying material for use with ISAKMP. | UDP/500 |
| imap | Internet Message Access Protocol is used for retrieving messages. | TCP/143, UDP/143 |
| irc | Internet Relay Chat (IRC) allows people connected to the Internet to join live discussions. | TCP/6667 |
| ldap | Lightweight Directory Access Protocol is a set of protocols used to access information directories. | TCP/389 |
| lpr | Line Printer Daemon protocol is a TCP-based protocol used for printing applications. | TCP/515 |
| msn | Microsoft Network Messenger is a utility that allows you to send instant messages and talk online. | TCP/1863 |
| msrpc | Microsoft Remote Procedure Call | TCP/135, UDP/135 |
| mssql | Microsoft SQL is a proprietary database server tool that allows for the creation, access, modification, and protection of data. | TCP/1433, TCP/3306 |
| mysql | MySQL is a database management system available for both Linux and Windows. | TCP/3306 |
| nbds | NetBIOS Datagram Service application, published by IBM, provides connectionless (datagram) applications to PCs connected with a broadcast medium to locate resources, initiate sessions, and terminate sessions. It is unreliable and the packets are not sequenced. | UDP/137 (NBName), UDP/138 (NBDS) |
| nfs | Network File System uses UDP to allow network users to access shared files stored on computers of different types. SUN RPC is a building block of NFS. | TCP/2049, UDP/2049 |
| nntp | Network News Transport Protocol is a protocol used to post, distribute, and retrieve USENET messages. | TCP/119 |
| ntp | Network Time Protocol provides a way for computers to synchronize to a time reference. | UDP/123 |
| pop3 | Post Office Protocol is used for retrieving e-mail. | UDP/110, TCP/110 |
| portmapper | Service that runs on nodes on the Internet to map an ONC RPC program number to the network address of the server that listens for the program number. | TCP/111, UDP/111 |
| radius | Remote Authentication Dial-In User Service application is a server program used for authentication and accounting purposes. | UDP/1812, UDP/1813 |
| rexec | Rexec | TCP/512 |
| rlogin | RLOGIN starts a terminal session on a remote host. | TCP/513 |
| rsh | RSH executes a shell command on a remote host. | TCP/514 |
| rtsp | Real-Time Streaming Protocol (RTSP) is for streaming media applications. | TCP/554 |
| sip | Session Initiation Protocol (SIP) is an Application Layer control protocol for creating, modifying, and terminating sessions. | TCP/5060, UDP/5060 |
| smb | Server Message Block (SMB) over IP is a protocol that allows you to read and write files to a server on a network. | TCP/139, TCP/445 |
| smtp | Simple Mail Transfer Protocol is used to send messages between servers. | TCP/25, UDP/25 |
| snmp | Simple Network Management Protocol is a set of protocols for managing complex networks. | TCP/161, UDP/161 |
| snmptrap | SNMP trap | TCP/162, UDP/162 |
| sqlmon | SQL monitor (Microsoft) | UDP/1434 |
| ssh | SSH is a program to log into another computer over a network through strong authentication and secure communications on a channel that is not secure. | TCP/22, UDP/22 |
| ssl | Secure Sockets Layer | TCP/443, TCP/80 |
| syslog | Syslog is a UNIX program that sends messages to the system logger. | UDP/514 |
| telnet | Telnet is a UNIX program that provides a standard method of interfacing terminal routers and terminal-oriented processes to each other. | TCP/23, UDP/23 |
| tns | Transparent Network Substrate | TCP/1521, TCP/1522, TCP/1523, TCP/1524, TCP/1525, TCP/1526, TCP/1527, TCP/1528, TCP/1529, TCP/1530, TCP/2481, TCP/1810, TCP/7778 |
| tftp | Trivial File Transfer Protocol | UDP/69 |
| vnc | Virtual Network Computing facilitates viewing and interacting with another computer or mobile router connected to the Internet. | TCP/5800, TCP/5900 |
| whois | Network Directory Application Protocol is a way to look up domain names. | TCP/43 |
| ymsg | Yahoo! Messenger is a utility that allows you to check when others are online, send instant messages, and talk online. | TCP/5050 |
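The binding rules above (service or protocol binding, service wins when both are given, any matches every service) and the port notation of Table 1 are modelled in the following added example. It is illustrative code written for this page, not Juniper's implementation or CLI; the `TABLE_1` dictionary is a constructed excerpt of Table 1, and `parse_ports` and `resolve_binding` are hypothetical helper names. Its purpose is to let a rule author see which default ports a candidate binding will cover, and to catch a mistyped service name or port entry before the attack object is committed.

```python
"""Effective-binding resolver for an IDP custom attack (illustrative, not vendor code).

Rules modelled from the page:
  * a custom attack carries a service binding, a protocol binding, or both;
  * when both are present the service binding takes precedence;
  * the special service 'any' matches the signature in all services.
"""

import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of Table 1: service binding -> default ports, kept in the
# page's "PROTO/port (annotation)" notation. icmp has no default port entry.
TABLE_1: Dict[str, str] = {
    "dns": "TCP/53, UDP/53",
    "http": ("TCP/80, TCP/81, TCP/88, TCP/3128, TCP/7001 (Weblogic), TCP/8000, "
             "TCP/8001, TCP/8100 (JRun), TCP/8200 (JRun), TCP/8080, "
             "TCP/8888 (Oracle-9i), TCP/9080 (Websphere), UDP/80"),
    "icmp": "",
    "nbds": "UDP/137 (NBName), UDP/138 (NBDS)",
    "smb": "TCP/139, TCP/445",
    "ssh": "TCP/22, UDP/22",
    "ssl": "TCP/443, TCP/80",
}

# One table cell entry: protocol, port, optional parenthetical annotation.
_PORT_RE = re.compile(r"^(TCP|UDP)/(\d{1,5})(?:\s*\([^)]*\))?$")


def parse_ports(spec: str) -> List[Tuple[str, int]]:
    """Turn 'TCP/7001 (Weblogic), UDP/137 (NBName)' into [('tcp', 7001), ('udp', 137)].

    Annotations are dropped. A malformed or out-of-range entry raises instead
    of being skipped, so a typo in a binding table is reported, not silently lost.
    """
    ports: List[Tuple[str, int]] = []
    for item in filter(None, (p.strip() for p in spec.split(","))):
        match = _PORT_RE.match(item)
        if not match:
            raise ValueError(f"malformed port entry: {item!r}")
        port = int(match.group(2))
        if not 0 < port <= 65535:
            raise ValueError(f"port out of range: {item!r}")
        ports.append((match.group(1).lower(), port))
    return ports


def resolve_binding(service: Optional[str] = None,
                    protocol: Optional[str] = None) -> dict:
    """Apply the precedence rule and return the effective binding.

    Keys of the result:
      effective  - 'service' or 'protocol': which binding the attack will use
      matches    - 'all-services', the service name, or the protocol name
      ports      - default (proto, port) pairs covered by a service binding
      overridden - the protocol binding ignored because a service was also given
    """
    if service is None and protocol is None:
        raise ValueError("a custom attack needs a service binding or a protocol binding")

    result: dict = {"effective": None, "matches": None, "ports": [], "overridden": None}

    if service is not None:
        name = service.lower()
        result["effective"] = "service"
        if protocol is not None:
            # Both given: the service binding takes precedence, protocol is ignored.
            result["overridden"] = protocol
        if name == "any":
            # 'any' matches the signature in every service, so every default
            # port in the table is in scope (deduplicated, e.g. TCP/80 for http and ssl).
            result["matches"] = "all-services"
            result["ports"] = sorted({p for spec in TABLE_1.values() for p in parse_ports(spec)})
        elif name in TABLE_1:
            result["matches"] = name
            result["ports"] = parse_ports(TABLE_1[name])
        else:
            raise ValueError(f"unsupported service binding: {service!r}")
    else:
        # Only a protocol binding: no service-level port table applies.
        result["effective"] = "protocol"
        result["matches"] = protocol.lower()
    return result


if __name__ == "__main__":
    # A rule author gave both bindings; show that the service one is what applies.
    r = resolve_binding(service="smb", protocol="tcp")
    print(f"effective={r['effective']} matches={r['matches']} "
          f"ports={r['ports']} overridden={r['overridden']}")
```

Running the module with both bindings set reports `effective=service`, the two SMB default ports, and `overridden=tcp`, which is the precedence behaviour the page describes; passing `service="any"` widens the port set to every entry in the table, a useful reminder of how much traffic an any-bound signature will be evaluated against.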