Table 2: Hacker attack types recognized by the IDS

Billion BIPAC-7402 / 7402W (Wireless) ADSL VPN Firewall Router with 3DES Accelerator

Max ICMP Count: This threshold decides whether an ICMP flood is occurring. The default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP Flood, the IDS only warns the user in the Event Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X'mas Tree Scan | TCP Flag: X'mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | SrcIP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | SrcIP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |

Src IP: Source IP

Src Port: Source Port

Dst Port: Destination Port

Dst IP: Destination IP
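
The single-packet rows of Table 2 and the two ICMP thresholds, written as detection logic over packet records. This is an added example, not the router's firmware or Billion's code. The LAN range, the packet dict fields, the FIN+PSH+URG reading of "X'mas" and the strictly-greater-than threshold test are assumptions; rows that need session state or undocumented payload data (Ascend Kill, Echo/CharGen Scan, SYN/FIN/RST/ACK Scan, SYN Flood) are left out.

```python
import ipaddress
from collections import Counter

# Assumptions, not from the manual: LAN range, packet dict fields, X'mas flags.
LAN = ipaddress.ip_network("192.168.1.0/24")
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20
XMAS = FIN | PSH | URG
MAX_ICMP, MAX_PING = 100, 15   # Table 2 defaults, packets per second

def classify(p):
    """Return the Table 2 intrusion name for one packet dict, or None."""
    proto, flags = p["proto"], p.get("flags", 0)
    if p["src"] == p["dst"]:
        return "Land attack"
    if (proto == "icmp" and p.get("type") == 8
            and ipaddress.ip_address(p["dst"]) == LAN.broadcast_address):
        return "Smurf"
    if proto == "tcp":
        if p["dport"] in (135, 137, 138, 139) and flags & URG:
            return "WinNuke"
        if (flags & XMAS) == XMAS:
            return "X'mas Tree Scan"
        if ((flags & (SYN | FIN)) == (SYN | FIN) and p["dport"] == 143
                and p["sport"] in (0, 65535)):
            return "IMAP SYN/FIN Scan"
        if p["dport"] in (12345, 12346, 3456) and not p.get("session"):
            return "Net Bus Scan"
    if proto == "udp":
        return {7: "Echo Scan", 19: "CharGen Scan",
                31337: "Back Orifice Scan"}.get(p["dport"])
    return None

def flood_alerts(packets):
    """Bucket ICMP by second (Echo Requests apart); report buckets over default."""
    ping, other = Counter(), Counter()
    for p in packets:
        if p["proto"] == "icmp":
            (ping if p.get("type") == 8 else other)[int(p["ts"])] += 1
    alerts = [(s, "ICMP Echo") for s, n in ping.items() if n > MAX_PING]
    alerts += [(s, "ICMP Flood") for s, n in other.items() if n > MAX_ICMP]
    return sorted(alerts)

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    sample = [
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10",
         "sport": 1025, "dport": 139, "flags": URG},
        {"proto": "icmp", "src": "203.0.113.9", "dst": "192.168.1.255", "type": 8},
    ]
    print([classify(p) for p in sample])
```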


Chapter 4: Configuration
