2 signature – AirLive RS-3000 User Manual


19.2 Signature

The RS-3000 provides three kinds of comparison rules for different attack types: Anomaly, Pre-defined and Custom.

Anomaly signatures detect and prevent anomalous flows and packets, and are kept current through signature updates. Pre-defined signatures detect and prevent intrusions, and are also kept current through signature updates. Neither Anomaly nor Pre-defined signatures can be deleted or modified. Custom signatures detect, according to the user's needs, other Internet attacks and anomalous flows and packets that the built-in Anomaly and Pre-defined detection does not cover.

Anomaly:

The Anomaly detection signatures are syn flood, udp flood, icmp flood, syn fin, tcp no flag, fin no ack, tcp land, larg icmp, ip record route, ip strict src record route, ip loose src record route, invalid url, winnuke, bad ip protocol, portscan and http inspect. (Figure 19-2)

The user can enable whichever anomaly packet signatures are needed for detection.

The user can manage the specific anomaly flow packets.

The user can modify the pass, drop and log actions.

The RS-3000 displays these attributes for every anomaly detection signature: Name, Enable, Risk, Action and Log.

Figure 19-2 The anomaly signature setting
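The following is an added example, not code from the manual or from the RS-3000 firmware: it checks a raw IPv4/TCP header for four of the anomaly names listed above and applies per-signature Enable, Action and Log settings. The matching conditions are the conventional meanings of those names, and the settings table, the rule that an enabled drop match wins, and the `build` helper with its sample addresses are assumptions made for illustration.

```python
import socket
import struct

# Hypothetical settings mirroring the Enable / Action / Log columns (not device defaults).
SETTINGS = {
    "syn fin":     {"enable": True,  "action": "drop", "log": True},
    "tcp no flag": {"enable": True,  "action": "drop", "log": True},
    "fin no ack":  {"enable": False, "action": "drop", "log": False},
    "tcp land":    {"enable": True,  "action": "drop", "log": True},
}
FIN, SYN, ACK = 0x01, 0x02, 0x10

def match_signatures(packet: bytes) -> list[str]:
    """Return names of the TCP header anomalies present in a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return []
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:  # protocol 6 = TCP
        return []
    src, dst = packet[12:16], packet[16:20]
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    flags = packet[ihl + 13] & 0x3F
    hits = []
    if flags & SYN and flags & FIN:      # SYN and FIN set together
        hits.append("syn fin")
    if flags == 0:                       # no TCP flag set at all
        hits.append("tcp no flag")
    if flags & FIN and not flags & ACK:  # FIN without ACK
        hits.append("fin no ack")
    if flags & SYN and src == dst and sport == dport:  # same endpoint both ways
        hits.append("tcp land")
    return hits

def decide(packet: bytes, settings=SETTINGS) -> tuple[str, list[str]]:
    """Return (action, names to log); assumed rule: any enabled 'drop' match wins."""
    enabled = [n for n in match_signatures(packet) if settings[n]["enable"]]
    action = "drop" if any(settings[n]["action"] == "drop" for n in enabled) else "pass"
    return action, [n for n in enabled if settings[n]["log"]]

def build(src: str, dst: str, sport: int, dport: int, flags: int) -> bytes:
    """Construct a minimal IPv4+TCP header pair as sample input (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp
```

A SYN+FIN segment also satisfies the FIN-without-ACK condition, so a disabled signature only suppresses its own match and does not let the packet through when another enabled signature matches.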
