Billion Electric Company 800VGT manual Hacker attack types recognized by the IDS, Syn/Fin/Rst/Ack

Ascend Kill

Ascend Kill data

Src IP

DoS

Yes

Yes

TCP

WinNuke

Port 135, 137~139,

Src IP

DoS

Yes

Yes

Flag: URG

Smurf

ICMP type 8

Dst IP

Victim

Yes

Yes

Des IP is broadcast

Protection

Land attack

SrcIP = DstIP

Yes

Yes

Echo/CharGen Scan

UDP Echo Port and

Yes

Yes

CharGen Port

Echo Scan

UDP

Dst

Port

=

Src IP

Scan

Yes

Yes

Echo(7)

CharGen Scan

UDP

Dst

Port

=

Src IP

Scan

Yes

Yes

CharGen(19)

X’mas Tree Scan

TCP Flag: X’mas

Src IP

Scan

Yes

Yes

IMAP

TCP Flag: SYN/FIN

DstPort: IMAP(143)

Src IP

Scan

Yes

Yes

SYN/FIN Scan

SrcPort: 0 or 65535

TCP,

SYN/FIN/RST/ACK

No Existing session

Src IP

Scan

Yes

Yes

Scan

And

Scan

Hosts

more than five.

TCP

Net Bus Scan

No Existing session

SrcIP

Scan

Yes

Yes

DstPort = Net Bus

12345,12346, 3456

Back Orifice Scan

UDP,

DstPort

=

SrcIP

Scan

Yes

Yes

Orifice Port (31337)

Max

TCP

Open

SYN Flood

Handshaking Count

Yes

(Default 100 c/sec)

ICMP Flood

Max

ICMP

Count

Yes

(Default 100 c/sec)

ICMP Echo

Max PING Count

Yes

(Default 15 c/sec)

Src IP: Source IP

Src Port: Source Port

Dst Port: Destination Port

Dst IP: Destination IP