Billion Electric Company BiPAC 7401VP/VGP, VoIP/(802.11g) ADSL2+ Router Table 2: Hacker attack types recognized by the IDS , 67

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default

value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It

cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Intrusion Name Detect Parameter Blacklist Type of Block

Duration Drop Packet Show Log

Ascend Kill Ascend Kill data Src IP DoS Yes Yes

WinNuke TCP

Port 135, 137~139,

Flag: URG

Src IP DoS Yes Yes

Smurf ICMP type 8

Des IP is broadcast Dst IP Victim

Protection Yes Yes

Land attack SrcIP = DstIP Yes Yes

Echo/CharGen Scan UDP Echo Port and

CharGen Port Yes Yes

Echo Scan UDP Dst Port =

Echo(7) Src IP Scan Yes Yes

CharGen Scan UDP Dst Port =

CharGen(19) Src IP Scan Yes Yes

X’mas Tree Scan TCP Flag: X’mas Src IP Scan Yes Yes

IMAP

SYN/FIN Scan

TCP Flag: SYN/FIN

DstPort: IMAP(143)

SrcPort: 0 or 65535

Src IP Scan Yes Yes

SYN/FIN/RST/ACK

Scan

TCP,

No Existing session

And Scan Hosts

more than five.

Src IP Scan Yes Yes

Net Bus Scan

TCP

No Existing session

DstPort = Net Bus

12345,12346, 3456

SrcIP Scan Yes Yes

Back Orifice Scan UDP, DstPort =

Orifice Port (31337) SrcIP Scan Yes Yes

SYN Flood Max TCP Open

Handshaking Count

(Default 100 c/sec)

Yes

ICMP Flood Max ICMP Count

(Default 100 c/sec) Yes

ICMP Echo Max PING Count

(Default 15 c/sec) Yes

Src IP: Source IP Src Port: Source Port

Dst Port: Destination Port Dst IP: Destination IP