Type of Block Duration | Billion Electric Company BIPAC-7500G

Table 2: Hacker attack types recognized by the IDS

Billion BIPAC-7500G–802.11g ADSL VPN Firewall Router with 3DES Accelerator

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Intrusion Name Detect Parameter Blacklist

Type of

Block

Duration

Drop

Packet

Show Log

Ascend Kill

WinNuke

Smurf

Land attack

Echo/CharGen Scan

Echo Scan

CharGen Scan

X’mas Tree Scan

IMAP

SYN/FIN Scan

SYN/FIN/RST/ACK

Scan

Net Bus Scan

Back Orifice Scan

SYN Flood

ICMP Flood

ICMP Echo

Ascend Kill data

TCP

Port 135, 137~139,

Flag: URG

ICMP type 8

Des IP is broadcast

SrcIP = DstIP

UDP Echo Port and

CharGen Port

UDP Dst Port =

Echo(7)

UDP Dst Port =

CharGen(19)

TCP Flag: X’mas

TCP Flag: SYN/FIN

DstPort: IMAP(143)

SrcPort: 0 or 65535

TCP,

No Existing session

And Scan Hosts more than five.

TCP

No Existing session DstPort = Net Bus 12345,12346, 3456

UDP, DstPort =

Orifice Port (31337)

Max TCP Open

Handshaking Count

(Default 100 c/sec)

Max ICMP Count (Default 100 c/sec)

Max PING Count (Default 15 c/sec)

Src IP

Src IP

Dst IP

Src IP

Src IP

Src IP

Src IP

Src IP

SrcIP

SrcIP

DoS

DoS

Victim

Protection

Scan

Scan

Scan

Scan

Scan

Scan

Scan

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Src IP: Source IP	Src Port: Source Port
Dst Port: Destination Port	Dst IP: Destination IP

62

Chapter 4: Configuration

Image 66

Billion Electric Company BIPAC-7500G Hacker attack types recognized by the IDS, Intrusion Name Detect Parameter Blacklist

Contents

Version Release 1.10e BIPAC-7500G802.11g ADSL VPN Firewall Router with 3DES Accelerator User’s Manual Page CHAPTER 3 BASIC INSTALLATION Table of ContentsCHAPTER 2 INSTALLING THE ROUTER CHAPTER 4 CONFIGURATION APPENDIX A PRODUCT SUPPORT AND CHAPTER 5 TROUBLESHOOTINGCONTACT INFORMATION S AVE C ONFIGURATION TO F LASH Fast Ethernet Switch FeaturesWireless Ethernet 802.11g Quick Installation Wizard Firewall Universal Plug and Play UPnP and UPnP NAT TraversalNetwork Address Translation NAT Domain Name System DNS relay Static and RIP1/2 Routing Dynamic Host Configuration Protocol DHCP client and serverFirmware Upgradeable Simple Network Management Protocol SNMP BIPAC-7500G ADSL Router Application Figure 1.1 Application Diagram Chapter 2 Installing the Router Package ContentsImportant note for using the BIPAC-7500G ADSL Router 1 PWR 2 SYS 3 LAN port 4 LAN port 5 LAN port 6 LAN port 7 WLAN The Front LEDsMeaning 10 MAIL 11 PPP 13 ADSL Port RESET PWR Power SwitchThe Rear Ports LINE CONSOLE LAN Cabling Chapter 3 Basic Installation Connecting your router 2. Double-click Local Area Connection. See Figure Configuring PCs in WindowsFor Windows XP 4. Select Internet Protocol TCP/IP and click Properties. See Figure In the LAN Area Connection Status window, click For WindowsDouble-click Local Area “LAN” Connection . See Properties . See Figure 5. Then select the DNS Configuration tab. See Figure For Windows 98 / ME3. Click Properties 3. Select the Obtain an IP address from a DHCP server For Windows NT4.02. Select TCP/IP Protocol and click Properties. See Figure 3.12 TCP / IP LAN Device IP Settings Factory Default SettingsUsername and Password ISP setting in WAN site Information from your ISP PPPoE PPPoA RFC1483 Bridged RFC1483 Routed IPoA Configuring with your Web Browser Figure 3.14 User namd & Password Prompt Widonw Chapter 4 Configuration Save Config to FLASHQuick Start Status ARP Table Routing Table Routing TableRIP Routing Table Expired Table DHCP TableLeased Table Permanent Table PPTP Status IPSec Status L2TP Status Email Status Error Logging Event LogUPnP Portmap Quick Start Click Start to begin scanning for encapsulation types offered by your ISP. If the scan is successful you will then be presented with a list of supported options Ethernet ConfigurationLAN Local Area Network LAN, WAN, System, Firewall, VPN, QoS, Virtual Server and Advanced Wireless ESSID Broadcast Wireless Security WPA Pre-Shared KeyPage Port Setting DHCP Server the requesting PC in the LAN your Local Area Network WAN Wide Area Network RFC 1483 Routed Connections PPPoE Connections Advanced Options PPPoE Connection discovered the DNS server IP address, it automatically gives the address to the local DNS relay so that a connection can be established RFC 1483 Bridged Connections All Ip Pppoe PPPoA Routed Connections Advanced Options PPPoA Chapter 4 Configuration IPoA Routed Connections Page ADSL System Time Zone Remote Access Firmware Upgrade Backup / Restore Restart Router User Management Firewall and Access Control URL Filter To block PCs on your local network from unwanted websites General Settings Packet Filter Port Filters Table 1 Pre-defined Port Filter Address Filters Configuring Packet Filter Click Port Filters Click Add TCP Filter Click Delete4. Click Add TCP Filter Input HTTP port number Select “Allow” HTTP inbound & outbound application Intrusion Detection Block Duration Type of Block Duration Table 2 Hacker attack types recognized by the IDSIntrusion Name Detect Parameter Blacklist Drop Packet MAC Address Filter URL Filter Restrict URL Features Firewall Log Log information can be seen in the Status - Event Log after enabling VPN Virtual Private Networks PPTP Remote Access PPTP Connection Click Apply after changing settings LAN to LAN PPTP Connection Click Apply after changing settings IPSec Click Create to configure a new IPSec VPN connection Remote Configure a new VPN ConnectionLocal Proposal MD5 A one-way hashing algorithm that produces a 128−bit hash Advanced Option L2TP Remote Access L2TP Connection MD5 A one-way hashing algorithm that produces a 128−bit hash LAN to LAN L2TP Connection IPSec Enable for enhancing your LT2P VPN security Function Example Configuring a Remote Access PPTP VPN Dial-in ConnectionConfiguring PPTP VPN in the Office Description Key Length Mode Idle Time Auto stateful Example Configuring a Remote Access PPTP VPN Dial-out Connection Configuring the PPTP VPN in the Office Mode Idle Time stateful Example Configuring a LAN-to-LAN PPTP VPN Connection Configuring PPTP VPN in the Head Office Configuring PPTP VPN in the Branch Office 192.168.0.0/24 69.1.121.30 192.168.1.0/24 69.1.121.3 12345678 Example Configuring a IPSec LAN-to-LAN PPTP VPN ConnectionTable 3 Network Configuration and Security Plan Tunnel mode ESPMD5 with AES Configuring IPSec VPN in the Head Office IP address of the head office router inWAN side Configuring IPSec VPN in the Branch Office QoS Quality of Service Prioritization High IP Throttling Virtual Server “Port Forwarding” Table 4 Well-know and registered PortsPort Number Protocol POP3 Post Office Protocol Version TCP or UDP, however you can specify other protocols using the drop-down Protocol menu. Setting the protocol to “all” will cause all incoming connection attempts using all protocols on all port numbers to be forwarded to the specified IP address Advanced Static Routing Dynamic DNS Check Emails Device Management Embedded Web Server Universal Plug and Play UPnP SNMP V1 andSNMP From RFC1650 EtherLike-MIB SNMP Version SNMPv2c and SNMPv3From RFC 1213 MIB-II From RFC 1493 Bridge MIB From RFC 1474 PPP/Bridge MIB From RFC 1472 PPP/Security MIBFrom RFC 1473 PPP/IP MIB From RFC1573 IfMIB Save Configuration to Flash Logout Problems with the WAN Interface Chapter 5 TroubleshootingProblems starting up the router Problem Problems with the LAN Interface Frequent loss of ADSL linesync disconnectionsCan’t ping any PCs on the LAN APPENDIX A Product Support and Contact Information Contact Billion AUSTRALIAWORLDWIDE