Billion 800VGT Router

Table 2: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Des IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session And Scan Hosts more than five. | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | SrcIP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | SrcIP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |

Src IP: Source IP

Src Port: Source Port

Dst Port: Destination Port

Dst IP: Destination IP
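The per-packet rows of Table 2 written out as matching logic, as an added example that is not code from the Billion manual or firmware. The packet dict layout, the `LAN` subnet, reading the X’mas flag as FIN+PSH+URG and treating the WinNuke ports as destination ports are assumptions; the rate-based and multi-host rows are left out.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed protected subnet
NETBUS_PORTS = {12345, 12346, 3456}             # ports as listed in Table 2
XMAS = {"FIN", "PSH", "URG"}                    # assumed meaning of the "X'mas" flag

def is_broadcast(ip):
    """True for the limited broadcast or the assumed LAN's directed broadcast."""
    addr = ipaddress.ip_address(ip)
    return addr in (LAN.broadcast_address, ipaddress.ip_address("255.255.255.255"))

def classify(pkt, has_session=False):
    """Return [(intrusion name, IP to blacklist or None)] for one packet dict."""
    proto, flags = pkt["proto"], set(pkt.get("flags", ()))
    sport, dport = pkt.get("sport"), pkt.get("dport")
    src, dst = pkt["src"], pkt["dst"]
    hits = []
    if src == dst:
        hits.append(("Land attack", None))      # Table 2 lists no blacklist entry
    if proto == "icmp" and pkt.get("icmp_type") == 8 and is_broadcast(dst):
        hits.append(("Smurf", dst))             # Table 2 blacklists Dst IP here
    if proto == "tcp":
        if dport in (135, 137, 138, 139) and "URG" in flags:
            hits.append(("WinNuke", src))       # assumes "Port" means destination
        if XMAS <= flags:
            hits.append(("X'mas Tree Scan", src))
        if {"SYN", "FIN"} <= flags and dport == 143 and sport in (0, 65535):
            hits.append(("IMAP SYN/FIN Scan", src))
        if not has_session and dport in NETBUS_PORTS:
            hits.append(("Net Bus Scan", src))
    if proto == "udp":
        if dport == 7:
            hits.append(("Echo Scan", src))
        if dport == 19:
            hits.append(("CharGen Scan", src))
        if dport == 31337:
            hits.append(("Back Orifice Scan", src))
    return hits

# Constructed sample packets (documentation addresses, not captured traffic).
SAMPLES = [
    {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10",
     "sport": 40000, "dport": 139, "flags": ["URG", "ACK"]},
    {"proto": "icmp", "src": "203.0.113.6", "dst": "192.168.1.255", "icmp_type": 8},
    {"proto": "tcp", "src": "203.0.113.7", "dst": "192.168.1.10",
     "sport": 0, "dport": 143, "flags": ["SYN", "FIN"]},
    {"proto": "tcp", "src": "203.0.113.8", "dst": "192.168.1.10",
     "sport": 50000, "dport": 443, "flags": ["SYN"]},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["src"], "->", classify(p))
```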

 

 


Chapter 4: Configuration
