Billion Electric Company 7402VL Hacker attack types recognized by the IDS, Intrusion Name, Smurf

Page 67
Table 2: Hacker attack types recognized by the IDS

VoIP/(802.11g) ADSL2+ Router

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Intrusion Name

Detect Parameter

 

 

Ascend Kill

Ascend Kill data

 

 

 

TCP

WinNuke

Port 135, 137~139,

 

Flag: URG

Smurf

ICMP type 8

Des IP is broadcast

 

Land attack

SrcIP = DstIP

Echo/CharGen Scan

UDP Echo Port and

 

CharGen Port

Echo Scan

UDP Dst Port =

Echo(7)

 

CharGen Scan

UDP Dst Port =

CharGen(19)

 

Intrusion NameDetect Parameter Blacklist Ascend KillWinNuke

Src IP

Src IP

Dst IP

Src IP

Src IP

Type of Block

Duration

DoS

DoS

Victim

Protection

Scan

Scan

SmurfLand attack Drop Packet Echo ScanCharGen Scan

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Show Log

Yes

Yes

Yes

Yes

Yes

Yes

Yes

X’mas Tree Scan

IMAP

SYN/FIN Scan

SYN/FIN/RST/ACK

Scan

Net Bus Scan

Back Orifice Scan

SYN Flood

ICMP Flood

ICMP Echo

TCP Flag: X’mas

TCP Flag: SYN/FIN

DstPort: IMAP(143)

SrcPort: 0 or 65535

TCP,

No Existing session

And Scan Hosts more than five.

TCP

No Existing session DstPort = Net Bus 12345,12346, 3456

UDP, DstPort =

Orifice Port (31337)

Max TCP Open

Handshaking Count

(Default 100 c/sec)

Max ICMP Count (Default 100 c/sec)

Max PING Count (Default 15 c/sec)

Src IP

Src IP

Src IP

SrcIP

SrcIP

Scan

Scan

Scan

Scan

Scan

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Src IP: Source IP

Src Port: Source Port

Dst Port: Destination Port

Dst IP: Destination IP

66

Chapter 4: Configuration

Image 67
Contents User’s Manual Version ReleaseBiPAC 7402VL/VGL/VGP VoIP/802.11g ADSL2+ RouterCHAPTER 1 INTRODUCTION CHAPTER 2 INSTALLING THE ROUTERCHAPTER 3 BASIC INSTALLATION CHAPTER 4 CONFIGURATIONQoS Quality of Service CHAPTER 5 TROUBLESHOOTINGAPPENDIX A PRODUCT SUPPORT AND CONTACT INFORMATION Firewall and Access ControlModels FeaturesChapter 1 Introduction Introduction to your RouterUniversal Plug and Play UPnP and UPnP NAT Traversal Quick Installation WizardQuality of Service QoS Multi-Protocol to Establish A ConnectionStatic and RIP1/2 Routing Dynamic Host Configuration Protocol DHCP client and serverFirmware Upgradeable Rich Packet FilteringDo not use the same power source for this router as other equipment Chapter 2 Installing the RouterImportant note for using this router Package ContentsRJ-11 connector The Front LEDsMeaning RJ-45 connector7402VGP The Rear Ports7402VL 7402VGLMeaning Port 1 Power Switch 2 PWR 3 RESET LAN 4 1X - 3X RJ-45 connector5 CONSOLE Phone 6 1X 2X RJ-11 connector 7 ADSL 8 Antenna 7402VGL/VGP onlyCabling Chapter 3 Basic Installation Chapter 3 Basic Installation7402VL/VGL Connecting your router7402VGP 4. Select Internet Protocol TCP/IP and click Properties. See Figure Configuring PCs in Windows in Window XPFigure 3.3 TCP / IP Figure 3.4 IP Address & DNS Configuration 2. Double-click Local Area Connection. See FigureFigure 3.5 LAN Area Connection Configuring PCs in WindowsFigure 3.8 IP Address & DNS Configuration 2. Double-click Local Area “LAN” Connection. See Figure3. Click Properties Figure 3.9 TCP / IP Configuring PC in Windows 95/98/ME5. Then select the DNS Configuration tab. See Figure Figure 3.11 DNS ConfigurationFigure 3.13 IP Address Configuring PC in Windows NT4.02. Select TCP/IP Protocol and click Properties. See Figure Figure 3.12 TCP / IPISP setting in WAN site Factory Default SettingsWeb Interface Username and Password LAN Device IP SettingsPPPoE PPPoA RFC1483 Bridged RFC1483 Routed IPoA Information from your ISPFigure 3.14 User name & Password Prompt Widonw Configuring with your Web BrowserQuick Start Configuration Chapter 4 ConfigurationSave Config to FLASH Status Wireless Association Table 7402VGL/VGP onlyARP Table Routing Table Routing TableRIP Routing Table Permanent Table DHCP TableLeased Table Expired TableVoIP Status Email StatusEvent Log NAT Sessions Error LogUPnP Portmap Quick Start VoIP/802.11g ADSL2+ Router LAN Local Area Network ConfigurationEthernet Ethernet Client Filter Ethernet Client Filter Default setting is set to DisableActive PC in LAN displays a list of individual Ethernet device’s IP Address & MAC Address which connecting to the router Parameters EnableWireless Distribution System WDS Wireless Security 7402VGL/VGP only WPA Pre-Shared KeyPage →Associated Wireless Clients Wireless Client MAC Address Filter 7402VGL/VGP onlyAssociate Wireless Client displays a list of individual wireless device’s MAC Address that currently connects to the router DHCP Server WAN Wide Area Network RFC 1483 Routed Connections Pppoe RFC 1483 Bridged ConnectionsPPPoA Routed Connections Advanced Options PPPoA ConnectionGive DNSto DHCP Server Similar to the above, but gives the DNS server address to the DHCP server IPoA Routed Connections PPPoE Connections Advanced Options PPPoE VoIP/802.11g ADSL2+ Router Chapter 4ConfigurationPage ADSL Time Zone SystemRemote Access Firmware Upgrade Backup / Restore Restart Router User Management Firewall and Access Control General Settings Packet Filter Protocol Example Predefined Port Filters RulesTable 1 Predefined Port Filter ApplicationPacket Filter - Add TCP/UDP Filter Packet Filter - Add Raw IP Filter Page 3. Click Add TCP/UDP Filter Click DeleteClick Add TCP/UDP Filter Configuring Packet Filter5. The new port filter rule for HTTP is shown below Block Duration Intrusion DetectionAscend Kill Table 2 Hacker attack types recognized by the IDSIntrusion Name Detect ParameterURL Filter Domains Filtering This function checks the domain name only, not the IP address, in URLs accessed against your list of domains to block or allow. If it is matched, the URL request will be sent Trusted or dropped Forbidden. For this function to be activated, both check-boxes must be checked. The checking procedure is Restrict URL Features This function enhances the restriction to your URL rules Log information can be seen in the Status - Event Log after enabling Firewall LogPSTN Dial Plan VoIP Voice over Internet ProtocolWizard Authentication Username Same as Phone NumberPlease refer to the description of “Setting for Phone Port 1” Setting for Phone PortSIP Device Parameters General ConfigurationRegistrar Port from VoIP device Login Account Configuration Phone ConfigurationAuthentication Username Same as Phone Number Speed Dial Codec PreferenceFor examples For Example ActionDial without Prefix Dial only the Number of Digits and not the prefix automatically Power downInternet Service fail SIP service is not available74xnumber# OptionDescription Flash-hookQoS Quality of Service High PrioritizationDSCP Mapping Table Wireless ADSL RouterTable 4 DSCP Mapping Table Standard DSCPOutbound IP Throttling LAN to WAN Inbound IP Throttling WAN to LAN Information and Settings Example QoS for your NetworkVoIP Normal PCs Restricted Connection DiagramVoice application Mission-critical applicationRestricted Application Advanced setting by using IP throttling Virtual Server “Port Forwarding” Add Virtual Server IP Address Application HTTPSever Time Schedule Always On Protocol tcpEdit DMZ Host Global IP Address Edit One-to-One NAT Network Address TranslationSelect the Apply button to apply your changes Protocol Example List of some well-known and registered port numbersTable 5 Well-known and registered Ports Port NumberTime Schedule Configuration of Time Schedule Edit a Time SlotDelete a Time Slot Click EditStatic Route AdvancedDynamic DNS Check Email Embedded Web Server Device ManagementSNMP SNMP Version SNMPv2c and SNMPv3Universal Plug and Play UPnP SNMP V1 andFrom RFC 1471 PPP/LCP MIB From RFC 1213 MIB-IIFrom RFC1650 EtherLike-MIB From RFC 1493 Bridge MIBFrom RFC1695 atmMIB From RFC 1473 PPP/IP MIBFrom RFC 1474 PPP/Bridge MIB From RFC1573 IfMIBIGMP Save Configuration to Flash Logout Problem Chapter 5 TroubleshootingProblems starting up the router Problems with the WAN InterfaceCan’t ping any PCs on the LAN Problems with the LAN InterfaceContact Billion AUSTRALIA APPENDIX A Product Support and Contact InformationWORLDWIDE