• Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.
• Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds.
• Victim Protection: If enabled, IDS will block Smurf attack attempts. Default is false.
• Max TCP Open Handshaking Count: This is the threshold used to decide whether a SYN Flood attempt is occurring. Default value is 100 TCP SYN packets per second.
• Max PING Count: This is the threshold used to decide whether an ICMP Echo Storm is occurring. Default value is 15 ICMP Echo Requests (PING) per second.
• Max ICMP Count: This is the threshold used to decide whether an ICMP flood is occurring. Default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).
For SYN Flood, ICMP Echo Storm and ICMP flood, the IDS only warns the user in the Event Log. It cannot protect against such attacks.
Hacker attack types recognized by the IDS
Attack | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
Ascend Kill | Ascend Kill | Src IP | DoS | Yes | Yes |
Win Nuke | TCP, Port=135, Flag:URG | Src IP | DoS | Yes | Yes |
Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
Land Attack | SrcIP = DstIP | | | Yes | Yes |
Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
X’Mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143) | Src IP | Scan | Yes | Yes |
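The table's detect parameters can be read as header-matching rules. The Python sketch below is an added example, not the device's firmware logic: it classifies parsed packet headers against those rows and applies the default block durations listed above. The LAN prefix, the rule order, the FIN+PSH+URG reading of "X’mas", the either-direction reading of the Echo/CharGen row and the sample headers are assumptions; Ascend Kill is omitted because the table gives no packet fields for it.

```python
from ipaddress import ip_address, ip_network

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20            # TCP flag bits
XMAS, SYNFIN = FIN | PSH | URG, SYN | FIN               # X'mas flag set is an assumption
ECHO, CHARGEN, IMAP = 7, 19, 143
BLOCK_SECONDS = {"Scan": 86400, "Victim Protection": 600}  # defaults from the settings list

def classify(pkt, lan="192.168.1.0/24"):
    """Return (attack, IP to blacklist, block type) for a parsed header, else None.
    Cells blank in the table come back as None; rule order is an assumption."""
    src, dst, proto = pkt["src"], pkt["dst"], pkt["proto"]
    flags, sport, dport = pkt.get("flags", 0), pkt.get("sport"), pkt.get("dport")
    if src == dst:
        return ("Land Attack", None, None)
    if proto == "icmp" and pkt.get("icmp_type") == 8:
        bcast = {ip_network(lan).broadcast_address, ip_address("255.255.255.255")}
        if ip_address(dst) in bcast:
            return ("Smurf", dst, "Victim Protection")
    elif proto == "udp":
        if {sport, dport} == {ECHO, CHARGEN}:        # assumed reading of the table row
            return ("Echo/CharGen Scan", None, None)
        if dport == ECHO:
            return ("Echo Scan", src, "Scan")
        if dport == CHARGEN:
            return ("CharGen Scan", src, "Scan")
    elif proto == "tcp":
        if flags & XMAS == XMAS:
            return ("X'Mas Tree Scan", src, "Scan")
        if flags & SYNFIN == SYNFIN and dport == IMAP:
            return ("IMAP SYN/FIN Scan", src, "Scan")
        if dport == 135 and flags & URG:
            return ("Win Nuke", src, "DoS")
    return None

def blacklist(packets):
    """Return {ip: (attack, block seconds)}; seconds is None when the page gives no default."""
    hits = (classify(p) for p in packets)
    return {ip: (name, BLOCK_SECONDS.get(kind)) for name, ip, kind in filter(None, hits) if ip}

SAMPLE = [  # constructed headers, not captured traffic
    {"src": "203.0.113.5", "dst": "192.168.1.10", "proto": "tcp", "dport": 80, "flags": XMAS},
    {"src": "198.51.100.7", "dst": "192.168.1.255", "proto": "icmp", "icmp_type": 8},
    {"src": "203.0.113.9", "dst": "192.168.1.10", "proto": "tcp", "dport": 143, "flags": SYNFIN},
    {"src": "203.0.113.9", "dst": "192.168.1.10", "proto": "tcp", "dport": 443, "flags": SYN},
]

if __name__ == "__main__":
    for ip, (name, secs) in blacklist(SAMPLE).items():
        print(f"block {ip} for {secs}s: {name}")
```

Following the table, the Smurf rule keys the block on the destination (broadcast) address, while every scan rule keys it on the source address.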