802.11g ADSL2+ VPN Firewall Router
Chapter 4: Configuration
Table 2: Hacker attack types recognized by the IDS Intrusion Name Detect Parameter Blacklist Type of Block
Duration Drop Packet Show Log
Ascend Kill Ascend Kill data Src IP DoS Yes Yes
WinNuke TCP
Port 135, 137~139,
Flag: URG
Src IP DoS Yes Yes
Smurf ICMP type 8
Des IP is broadcast Dst IP Victim
Protection Yes Ye s
Land attack SrcIP = DstIP Yes Yes
Echo/CharGen Scan UDP Echo Port and
CharGen Port Yes Ye s
Echo Scan UDP Dst Port =
Echo(7) Src IP Scan Yes Yes
CharGen Scan UDP Dst Port =
CharGen(19) Src IP Scan Yes Yes
X’mas Tree Scan TCP Flag: X’mas Src IP Scan Yes Yes
IMAP
SYN/FIN Scan
TCP Flag: SYN/FIN
DstPort: IMAP(143)
SrcPort: 0 or 65535
Src IP Scan Yes Yes
SYN/FIN/RST/ACK
Scan
TCP,
No Existing session
A
nd Scan Hosts
more than five.
Src IP Scan Yes Yes
Net Bus Scan
TCP
No Existing session
DstPort = Net Bus
12345,12346, 3456
SrcIP Scan Yes Yes
Back Orifice Scan UDP, DstPort =
Orifice Port (31337) SrcIP Scan Yes Yes
SYN Flood Max TCP Open
Handshaking Count
(Default 100 c/sec)
Ye s
ICMP Flood Max ICMP Count
(Default 100 c/sec) Yes
ICMP Echo Max PING Count
(Default 15 c/sec) Ye s
Src IP: Source IP Src Port: Source Port
Dst Port: Destination Port Dst IP: Destination IP
73