Billion BiPAC 8500/8501/8520/8521 SHDSL (VPN) Firewall Bridge/ Router

(PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, the IDS only warns the user in the Event Log; it cannot protect against such attacks.

Table 2: Types of Hacker attack recognized by the IDS.

|  | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP |  |  | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port |  |  | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session And Scan Hosts more than five. | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | SrcIP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | SrcIP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) |  |  |  | Yes |

Chapter 4: Configuration
