Intrusion Detection
The router's Intrusion Detection System (IDS) detects hacker attacks and intrusion attempts coming from the Internet. When the IDS function of the firewall is enabled, inbound packets are inspected and blocked if they match a known attack or scan pattern, or if the router otherwise judges the connection to be suspicious.
Blacklist: If the router detects a possible attack, the source IP or destination IP address is added to the Blacklist (which of the two is listed depends on the attack type; see Table 2 below). Any further packets from or to that address are blocked for the time period specified as the Block Duration for that attack type. The default setting for this function is false (disabled). Some attack types are dropped immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.
Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false.
Block Duration:
- Victim Protection Block Duration: the duration for blocking Smurf attacks. Default value is 600 seconds.
- Scan Attack Block Duration: the duration for blocking hosts that attempt a possible scan attack. Scan attack types include X'mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.
- DoS Attack Block Duration: the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. DoS attacks this tries to block include Ascend Kill and WinNuke. Default value is 1800 seconds.
Max TCP Open Handshaking Count: the threshold used to decide whether a SYN Flood is occurring. Default value is 100 TCP SYN per second.
Max PING Count: the threshold used to decide whether an ICMP Echo Storm is occurring. Default value is 15 ICMP Echo Requests (PING) per second.
Max ICMP Count: the threshold used to decide whether an ICMP Flood is occurring. Default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).
For SYN Flood, ICMP Echo Storm and ICMP Flood, the IDS only warns the user by writing an entry to the Event Log; it neither drops the packets nor blacklists the source, so it cannot protect against these attacks.
| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X'mas Tree Scan | TCP Flag: X'mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, no existing session and scan hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, no existing session, DstPort = Net Bus (12345, 12346, 3456) | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | Src IP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |

Table 2: Hacker attack types recognized by the IDS

Src IP: Source IP; Src Port: Source Port; Dst IP: Destination IP; Dst Port: Destination Port.
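The rules of Table 2, together with the blacklist, block durations and rate thresholds described above, modelled in Python as an added example; this is not the router's firmware. The packet record, the LAN prefix used to recognize a broadcast destination, the reading of "X'mas" as FIN+PSH+URG, the reading of "UDP Echo Port and CharGen Port" as a datagram between ports 7 and 19, and the SYN/ACK-based session tracking are assumptions of the example. Ascend Kill is omitted because the page does not give its data pattern.

```python
"""Model of the router IDS: Table 2 signatures, blacklist with per-type block
durations, and rate thresholds that only warn. Added example, not the router
firmware; the packet record and session model are assumptions."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Block durations in seconds (defaults given in the manual).
BLOCK_DURATION = {"Victim Protection": 600, "Scan": 86400, "DoS": 1800}
# Rate thresholds per second (defaults given in the manual); these only log.
MAX_TCP_OPEN_HANDSHAKING = 100   # TCP SYN per second -> SYN Flood
MAX_PING = 15                    # ICMP Echo Requests per second -> ICMP Echo Storm
MAX_ICMP = 100                   # other ICMP per second -> ICMP Flood
NETBUS_PORTS = {12345, 12346, 3456}   # ports as listed in Table 2
BACK_ORIFICE_PORT = 31337
ECHO, CHARGEN, IMAP = 7, 19, 143


@dataclass(frozen=True)
class Packet:
    """Assumed packet record (constructed for the example)."""
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flag names, e.g. {"SYN", "ACK"}
    icmp_type: int = -1
    ts: float = 0.0                  # arrival time in seconds


class IDS:
    def __init__(self, lan="192.168.1.0/24"):   # LAN prefix is an assumption
        self.broadcast = {str(ipaddress.ip_network(lan).broadcast_address),
                          "255.255.255.255"}
        self.blacklist = {}                   # address -> time the block expires
        self.established = set()              # (client, server, cport, sport)
        self.scan_hosts = defaultdict(set)    # src -> hosts hit without a session
        self.rate = defaultdict(int)          # (event, second) -> packet count
        self.log = []                         # (ts, event, src) event log entries

    def _in_session(self, p):
        return ((p.src, p.dst, p.sport, p.dport) in self.established
                or (p.dst, p.src, p.dport, p.sport) in self.established)

    def _signature(self, p):
        """Table 2 rules: (name, address to blacklist, block type) or None."""
        if p.src == p.dst:                                  # Land attack
            return "Land attack", None, None                # dropped, no blacklist
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in self.broadcast:
            return "Smurf", p.dst, "Victim Protection"      # the victim is listed
        if p.proto == "udp":
            if {p.sport, p.dport} == {ECHO, CHARGEN}:       # echo<->chargen loop
                return "Echo/CharGen Scan", None, None      # dropped, no blacklist
            if p.dport == ECHO:
                return "Echo Scan", p.src, "Scan"
            if p.dport == CHARGEN:
                return "CharGen Scan", p.src, "Scan"
            if p.dport == BACK_ORIFICE_PORT:
                return "Back Orifice Scan", p.src, "Scan"
        if p.proto == "tcp":
            if "URG" in p.flags and (p.dport == 135 or 137 <= p.dport <= 139):
                return "WinNuke", p.src, "DoS"
            if {"FIN", "PSH", "URG"} <= p.flags:            # X'mas = FIN+PSH+URG
                return "X'mas Tree Scan", p.src, "Scan"
            if {"SYN", "FIN"} <= p.flags and p.dport == IMAP and p.sport in (0, 65535):
                return "IMAP SYN/FIN Scan", p.src, "Scan"
            if not self._in_session(p):
                if p.dport in NETBUS_PORTS:
                    return "Net Bus Scan", p.src, "Scan"
                self.scan_hosts[p.src].add(p.dst)
                if len(self.scan_hosts[p.src]) > 5:         # more than five hosts
                    return "SYN/FIN/RST/ACK Scan", p.src, "Scan"
        return None

    def _flood(self, p):
        """Rate rules: event name once the per-second threshold is exceeded."""
        if p.proto == "tcp" and p.flags == {"SYN"}:
            event, limit = "SYN Flood", MAX_TCP_OPEN_HANDSHAKING
        elif p.proto == "icmp" and p.icmp_type == 8:
            event, limit = "ICMP Echo Storm", MAX_PING
        elif p.proto == "icmp":
            event, limit = "ICMP Flood", MAX_ICMP
        else:
            return None
        self.rate[(event, int(p.ts))] += 1
        return event if self.rate[(event, int(p.ts))] > limit else None

    def process(self, p):
        """Return ("drop" or "pass", event name or None) and log events."""
        if p.proto == "tcp" and {"SYN", "ACK"} <= p.flags:   # SYN/ACK reply seen
            self.established.add((p.dst, p.src, p.dport, p.sport))
        for addr in (p.src, p.dst):                          # honour the blacklist
            expiry = self.blacklist.get(addr)
            if expiry is not None:
                if p.ts < expiry:
                    return "drop", "Blacklisted"
                del self.blacklist[addr]                     # block duration is over
        hit = self._signature(p)
        if hit:
            name, addr, kind = hit
            if addr is not None:
                self.blacklist[addr] = p.ts + BLOCK_DURATION[kind]
            self.log.append((p.ts, name, p.src))
            return "drop", name
        event = self._flood(p)
        if event:                                            # warn only, never drop
            self.log.append((p.ts, event, p.src))
        return "pass", event
```

Feeding `IDS().process(...)` a WinNuke packet (TCP to port 139 with URG set) returns `("drop", "WinNuke")` and lists the source for 1800 seconds, after which its packets pass again; a Land attack or an Echo/CharGen datagram is dropped without touching the blacklist; sixteen echo requests within one second produce an "ICMP Echo Storm" log entry while every packet still passes, matching the manual's statement that the flood thresholds only warn. The session model is deliberately simple: a TCP packet counts as "no existing session" until a SYN/ACK reply for that 4-tuple has been observed.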