
Billion 800VGT Router
Table 2: Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter Blacklist
Type of Block Drop Packet Duration
Show Log
Ascend Kill | Ascend Kill data |
| Src IP | DoS | Yes | Yes | |||
|
|
|
|
|
|
|
|
| |
| TCP |
|
|
|
|
|
|
| |
WinNuke | Port 135, 137~139, | Src IP | DoS | Yes | Yes | ||||
| Flag: URG |
|
|
|
|
|
| ||
|
|
|
|
|
|
|
| ||
Smurf | ICMP type 8 |
|
| Dst IP | Victim | Yes | Yes | ||
Des IP is broadcast | Protection | ||||||||
|
|
|
|
|
|
| |||
Land attack | SrcIP = DstIP |
|
|
| Yes | Yes | |||
|
|
|
|
|
| ||||
Echo/CharGen Scan | UDP Echo Port and |
|
| Yes | Yes | ||||
CharGen Port |
|
|
| ||||||
|
|
|
|
|
| ||||
|
|
|
|
|
|
|
|
| |
Echo Scan | UDP | Dst | Port | = | Src IP | Scan | Yes | Yes | |
| Echo(7) |
|
|
|
|
|
| ||
|
|
|
|
|
|
|
|
| |
CharGen Scan | UDP | Dst | Port | = | Src IP | Scan | Yes | Yes | |
| CharGen(19) |
|
|
|
|
| |||
X’mas Tree Scan | TCP Flag: X’mas |
| Src IP | Scan | Yes | Yes | |||
|
|
|
|
|
| ||||
IMAP | TCP Flag: SYN/FIN |
|
|
|
| ||||
DstPort: IMAP(143) | Src IP | Scan | Yes | Yes | |||||
SYN/FIN Scan | |||||||||
SrcPort: 0 or 65535 |
|
|
|
| |||||
|
|
|
|
| |||||
|
|
|
|
|
|
|
|
| |
| TCP, |
|
|
|
|
|
|
| |
SYN/FIN/RST/ACK | No Existing session | Src IP | Scan | Yes | Yes | ||||
Scan | And | Scan | Hosts |
|
|
|
| ||
| more than five. |
|
|
|
|
| |||
| TCP |
|
|
|
|
|
|
| |
Net Bus Scan | No Existing session | SrcIP | Scan | Yes | Yes | ||||
| DstPort = Net Bus |
|
|
|
| ||||
| 12345,12346, 3456 |
|
|
|
| ||||
|
|
|
|
|
|
|
| ||
Back Orifice Scan | UDP, | DstPort | = | SrcIP | Scan | Yes | Yes | ||
| Orifice Port (31337) |
|
|
|
| ||||
| Max | TCP | Open |
|
|
|
| ||
SYN Flood | Handshaking Count |
|
|
| Yes | ||||
| (Default 100 c/sec) |
|
|
|
|
| |||
ICMP Flood | Max | ICMP | Count |
|
|
| Yes | ||
(Default 100 c/sec) |
|
|
|
| |||||
|
|
|
|
|
| ||||
|
|
|
|
|
|
| |||
ICMP Echo | Max PING Count |
|
|
|
| Yes | |||
(Default 15 c/sec) |
|
|
|
| |||||
|
|
|
|
|
| ||||
Src IP: Source IP |
| Src Port: Source Port |
|
| |||||
Dst Port: Destination Port | Dst IP: Destination IP |
|
|
65