Billion Electric Company 6404VGP, 6404VP user manual Intrusion Detection, Block Duration

VoIP/(802.11g) Broadband Firewall Router

Intrusion Detection

The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the Block Duration. The default setting for this function is false (disabled). Some attack types are denied immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.

Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false.

Block Duration:

Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds.

Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.

DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. DoS attacks that the IDS attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds.

Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, excluding ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.
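The settings above can be read as two mechanisms: a timed blacklist keyed by attack category, and per-second rate counters that only write to the Event Log. The following Python model is an added illustration, not Billion firmware or code from this manual. The class and method names, the fixed one-second counting window, treating a threshold as exceeded only above the stated value, and logging without blocking when the Blacklist is disabled are all assumptions.

```python
from collections import defaultdict

# Default values quoted from the manual text above.
BLOCK_DURATION = {"smurf": 600, "scan": 86400, "dos": 1800}   # seconds
RATE_THRESHOLD = {"syn": 100, "ping": 15, "icmp": 100}        # packets/second


class IdsModel:
    """Hypothetical model of the documented IDS settings."""

    def __init__(self, blacklist_enabled=False):   # manual: default is false
        self.blacklist_enabled = blacklist_enabled
        self.blocked_until = {}            # ip -> time at which the block ends
        self.counters = defaultdict(int)   # (kind, second) -> packets counted
        self.event_log = []                # (time, event, ip or None)

    def is_blocked(self, ip, now):
        """True while the Block Duration for this address has not elapsed."""
        return self.blocked_until.get(ip, 0) > now

    def report_attack(self, ip, category, now):
        """Record a detected attack; blacklist the address if enabled."""
        self.event_log.append((now, category, ip))
        if self.blacklist_enabled:         # assumption: log only when disabled
            self.blocked_until[ip] = now + BLOCK_DURATION[category]

    def count_packet(self, kind, now):
        """Count a SYN / PING / other ICMP packet in its one-second window.

        Returns True on the packet that pushes the window past the
        threshold. Matching the manual, this only logs; nothing is blocked.
        """
        key = (kind, int(now))
        self.counters[key] += 1
        if self.counters[key] == RATE_THRESHOLD[kind] + 1:
            self.event_log.append((int(now), kind + "_flood", None))
            return True
        return False


if __name__ == "__main__":
    ids = IdsModel(blacklist_enabled=True)
    ids.report_attack("203.0.113.7", "scan", now=0)   # constructed sample host
    print(ids.is_blocked("203.0.113.7", 3600))        # still inside 86400 s
    storm = [ids.count_packet("ping", 10.0) for _ in range(16)]
    print(storm.index(True), ids.event_log[-1])       # 16th packet is logged
```

With the defaults, a host flagged for a scan stays blocked for a full day, while a flood that crosses a rate threshold leaves only an Event Log entry, so the log has to be monitored for those events.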

Chapter 4: Configuration
