Filter
Top Products
Network > Interfaces
202
SonicOS 5.8.1 Administrator Guide
Based on the source and destination, the packet’s directionality is categorized as either
Incoming or Outgoing, (not to be confused with Inbound and Outbound) where the following
criteria is used to make the determination:
Table data is subject to change.
In addition to this categorization, packets traveling to/from zo
nes with levels of additional
trust, which are inherently afforded heightened levels of security
(LAN|Wireless|Encrypted<-->LAN|Wireless|Encrypted) are given the special Trust
classification. Traffic with the Trust classification has all signatures applied (Incoming,
Outgoing, and Bidirectional).
3. The direction of the signature. This pertains primarily to IPS, where each signature is
assigned a direction by SonicWALL’s signature development team. This is done as an
optimization to minimize false positives. Signature directions are:
–
Incoming – Applies to Incoming and Trust. The majority of signatures are Incoming, and
they include all forms of application exploits and all enumeration and footprinting
attempts. Approximately 85% of signatures are Incoming.
–
Outgoing – Applies to Outgoing and Trust. Examples of Outgoing signatures would
include IM and P2P login attempts, and responses to successfully launched exploits
(e.g. Attack Responses). Approximately 10% of signatures are Outgoing.
–
Bidirectional – Applies to all. Examples of Bidirectional signatures would include IM file
transfers, various NetBIOS attacks (e.g. Sasser communications) and a variety of DoS
attacks (e.g. UDP/TCP traffic destined to port 0). Approximately 5% of signatures are
Bidirectional.
4. Zone application. For a signature to be triggered, the desired security service must be
active on at least one of the zones it traverses. For example, a host on the Internet (X1,
WAN) accessing a Microsoft Terminal Server (on X3, Secondary Bridge Interface, LAN) will
trigger the Incoming signature “IPS Detection Alert: MISC MS Terminal server request, SID:
436, Priority: Low” if IPS is active on the WAN, the LAN, or both.
Dest
Src
Untrusted Public Wireless Encrypted Trusted Multicast
Untrusted Incoming Incoming Incoming Incoming Incoming Incoming
Public Outgoing Outgoing Outgoing Incoming Incoming Incoming
Wireless Outgoing Outgoing Trust Trust Trust Incoming
Encrypted Outgoing Outgoing Trust Trust Trust Outgoing
Trusted Outgoing Outgoing Trust Trust Trust Outgoing