Manuals / Patton electronic / Computer Equipment / Network Card

Patton electronic 3086 manual Intrusion Detection System IDS, 126

Models: 3086

1 196

Download 196 pages 1.92 Kb

Page 126

6 • Security	Model 3086 G.SHDSL Integrated Access Device User Guide

Intrusion Detection System (IDS)

The security feature in the 3086 IAD provides protection from a number of attacks. Some attacks cause a host to be blacklisted (i.e., no traffic from that host is accepted under any circumstances) for a period of time. Other attacks are simply logged. The subsequent table is a summary of the attacks detected.

	Attack Name	Protocol	Attacking Host
	Attack Name	Protocol	Blacklisted?
			Blacklisted?

	Ascend Kill	UDP	yes
	Echo/Chargen	UDP	no

	Echo Scan	UDP	yes
	WinNuke	TCP	yes


	Xmas Tree Scan	TCP	yes

	IMAP SYN/FIN Scan	TCP	yes
	Smurf	ICMP	If victim protection set

	SYN/FIN/RST Flood	TCP	If scanning threshold
			exceeded
	Net Bus Scan	TCP	yes

	Back Orifice Scan	UDP	yes

1.To enable IDS, click on Enabled for “Intrusion Detection Enabled” on the “Security Interface Configura- tion” page. Then click on Change State(s).

2.Click on Configure Intrusion Detection.

3.You may choose which of the parameters to configure and for which value.

–Use Blacklist:Default = 10 minutes when enabled.

If IDS has detected an intrusion an external host, access to the network is denied for ten minutes.

–Use Victim Protection:Default = Disabled.

Enables Victim Protection. Victim Protection protects the victim from an attempted spoofing attack. Web spoofing allows an attacker to create a ‘shadow’ copy of the world wide web (WWW). All access to the shadow Web goes through the attacker’s machine, so the attacker can monitor all of the victim’s activities and send false data to or from the victim’s machine. When enabled, packets destined for the victim host of a spooking style attack are blocked.

–DOS Attack Block Duration:Default = 1800 seconds (30 minutes).

A Denial of Service (DOS) attack is an attempt by an attacker to prevent legitimate users from using a service. If a DOS attack is detected, all suspicious hosts are blocked by the firewall for a set time limit

–Scan Attack Block Duration:Default = 86400 seconds

126	Intrusion Detection System (IDS)

Image 126

Patton electronic 3086 manual Intrusion Detection System IDS, Scan Attack Block DurationDefault = 86400 seconds, 126

Contents

Shdsl Integrated Access Device Patton Electronics Company, Inc Contents Basic Application Configurations Contents Specialized Configurations 113 Contacting Patton for assistance 143 Cable Recommendations 157 Contents Page About this guide AudienceStructure Precautions Factory default parameters Safety when working with electricityAbout this guide Typographical conventions used in this document General conventionsMouse conventions Chapter contents General InformationModel 3086 G.SHDSL IAD overview General attributesModel 3086 G.SHDSL IAD overview TDM Interface Shdsl CharacteristicsEthernet Protocol supportPPP Support ATM ProtocolsManagement Security ModelWAN DSL Rear panel connectors and switches Power connectorConsole port outlined in red RJ-11/4 DSL line port uses pins 2 and 3 of the RJ-11 port Ethernet port outlined in greenLine port outlined in yellow Product Overview Product Overview Applications OverviewIP/FR and Voice over DSL Internet/Extranet AccessIP/FR and TDM Access Product OverviewMetro Intranet Access Quick Start Installation Hardware installation Installing the AC power cordWhat you will need Connecting network cables Quick Start InstallationIP address Quick Start modification Web Operation and ConfigurationPC Configuration IP address has now been successfully changedModel 3086 home page displays see Figure Model 3086 menu structure is shown in onModel 3086 Menu Structure Basic Application Configurations Basic Application Configurations IPoA Routed RFC Introduction Routed WAN Services Bridged WAN Services TDM PortRear panel power and interface connectors X.21 Ports Connecting the 3086 serial port to a DTEConnecting the 3086 serial port to a DCE InterfacesConfiguring the V.35 or X.21 port via DIP switches X.21 PortsDIP switches location Switch Bank S2 Switch Position Function Factory Default Selected OptionSwitch Bank S3 T1 Interface T1 Interface ConnectionT1 Interface Configuration DIP Switch ConfigurationData Rate kbps Figuration only Web Interface Configuration Line Code The 3086 T1 interface uses B8ZSE1 Interface E1 Interface ConnectionDescription of S2 options follows the table E1/CRC S3-8 Setting Web Interface Configuration Using the 3086 as a simple modem TDM data over DSL CLI configurationCLI configuration Wait for configuration saved message… Saving configuration… Circuit ID Web browser configurationClear Error Counters Intended DSL Data RateIntended Serial Interface Data Rate DSL Rate Number of i BitTerminal Type TDM Plus Ethernet Traffic Assigning bandwidth to serial and Ethernet ports Selecting PCM modeSelecting the DSL link speed Central or Remote terminal Master/SlaveFor 3086 a at the prompt type For 3086 B typeSelect between Annex a and Annex B To select Annex B type Circuit ID Intended Serial Interface Data Rate Interface Type Two stand-alone units directly connected Using the 3086 in Routed or Bridged applicationsModel 3086 Remote Configuration Steps PPPoH Bridged Ethernet extension Hdlc Pppoh BridgedLeave User name and Password blank. Click on Apply Model 3086 Central Configuration Steps PPPoH Bridged Model 3086 Remote Configuration Steps PPPoH Routed Network Extension HDLC-PPPoH RoutedModel 3086 G.SHDSL Integrated Access Device User Guide Click on Configure Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Using the 3086 in Routed or Bridged applications Bridged application configurations to a Dslam RFC 1483 Bridged ConfigurationDslam Connections with remote CPE units Model 3086 Remote Configuration Steps RFC 1483 Bridged Model 3086 Central Configuration Steps RFC 1483 Bridged PPPoH Bridged Configuration Dslam Connections with remote CPE units Model 3086 Central Configuration Steps PPPoH Bridged PPPoA Bridged RFC 2364 Configuration Model 3086 Remote Configuration Steps PPPoA BridgedModel 3086 CentralConfiguration Steps PPPoA Bridged VPI = VCI = LLC header mode = off Hdlc header mode = offRouted application configurations to a Dslam Model 3086 Remote Configuration Steps RFC 1483 RoutedRFC 1483 Routed Model 3086 G.SHDSL Integrated Access Device User Guide Basic Application Configurations Model 3086 Central Configuration Steps RFC 1483 Routed One IP interface was called ip1 with an IP addressIp set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations PPPoH Routed Ip set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Basic Application Configurations Basic Application Configurations Model 3086 Remote-Client Configuration Steps PPPoA Routed PPPoA Routed RFCUser Namefred Passwoodfredspass Click on Configure ChapBasic Application Configurations Dslam Connections with remote CPE units Model 3086 Central-Server Configuration Steps PPPoA Routed 100 101 Local IP Magic Number MRU 102103 104 105 106 Model 3086 Remote Configuration Steps IPoA Routed IPoA Routed RFC107 108 109 110 Model 3086 Central Configuration Steps IPoA Routed VPI0 VCI700 WAN IP address Click on Apply111 112 Specialized Configurations RIP and RIPv2 Static Route IP ConfigurationsRouter Dhcp Server and RelaySpecialized Configurations 115DNS Client 116DNS Relay Mode 117IP Configurations Security Configuring the IAD 120Configuring the security interfaces Security121 Deleting a Firewall Policy 122Firewall Policies Enabling the FirewallFirewall Portfilters Firewall policy named item0 is now deletedSecurity Triggers 124125 Scan Attack Block DurationDefault = 86400 seconds Intrusion Detection System IDS126 127 Intrusion Detection System IDS NAT Network Address Translation Enabling NAT 130Global address pool and reserved map NAT Network Address Translation131 132 Monitoring Status Status LEDs 134Diagnostics Procedure Software UpgradesConfiguration PingOperating Remote Digital Loopback RDL-DSL Loop DiagnosticsOperating Local Analog Loopback LAL-Serial Port Loop 137T1/E1 Diagnostics Network Loop138 T1/E1 Local Loop 139QRSS-BIT Error Rate Diagnostics 140Transceiver Status AlarmsT1/E1 connection Status FDL statistics T1 onlyBIT Error Rate V.52 Diagnostics 142Contacting Patton for assistance Contact information Warranty coverageOut-of-warranty service Returns for creditShipping instructions Return for credit policyRMA numbers Contacting Patton for assistancePage Appendix a Compliance information Radio and TV Interference FCC Part SafetyCompliance CE Declaration of ConformityIndustry Canada Notice Authorized European RepresentativeFCC Part 68 Acta Statement 149150 Appendix B Specifications Ethernet General CharacteristicsShdsl Characteristics 15264K/G.703 Port 3086/RIF Model Sync Serial InterfaceT1/E1 Interface 3086/RIK and RIT models only Protocol SupportManagement PPP SupportATM Protocols 154Security DimensionsPower and Power Supply Specifications Compliance Standard Requirements156 Appendix C Cable Recommendations Adapter DSL CableEthernet Cable Foot 3 m, RJ-11/RJ-11 refer to RJ-11non-shielded port onAppendix D Physical Connectors RJ-11 non-shielded port Assuming the MDI-X switch is in the out positionRJ-45 shielded 10/100 Ethernet port RJ-45 non-shielded RS-232 console port EIA-561Physical Connectors 35 M/34 Connector35 DB-25 Female Connector Serial portIEC 320 connector two prong Power input21 DB-15 Connector E1/T1 RJ-48C Connector 162Appendix E Command Line Interface CLI Operation 163Local VT-100 emulation CLI TerminologyProduces a list of numbered transport objects Remote TelnetThen Using the ConsoleCommand Line Interface CLI Operation 165Adding new users Administering user accountsSetting user passwords Following information is returnedControlling user access Changing user settingsControlling login access Shdsl CommandsTo establish the DSL link For CPE remote unit168 169 170 Appendix F Interworking Functions Information Interworking Functions Information Frame Relay Local Management Interface LMI Configuration OptionsManagementType Default Value nomaintenance 173T392Value Default Value MgtAutoStart Default Value FalseT391Value Default Value FullReportCycle Default ValueCommand lmi show CLI Configuration MethodsShow current configuration Set configuration variableFRS Configuration Options Frame Relay Service Interworking FRF.8Web Configuration Methods DE MappingTranslation Mode Fecn Mapping177 FRS Name 178Show one of the eight groups CLI Configuration MethodCommand frs set group # variable value Set variable attributes on a specified groupSet variable attributes on a specified channel FRS Overview Screen180 Group/Channel Level Configuration Screen 181FRN Configuration Options Frame Relay Network Interworking FRF.5182 Port Level Configuration Options 183Channel Level Configuration Options 184Show detailed information about a specific port CLI Configuration Methods for Port Level ManagementList all ports available to the system 185Understanding the Channel Level View Command frn set port# variable valueConfiguration Management of the Channel Level Variables 186Set Configuration Variables associated with the Channels Command frn set port# channel # variable value187 Port Level Information Screen 188Channel Level Information Screen Packet Information Screen189 Frame Relay Configuration Options Frame Relay CLI Configuration OptionsFrame Relay Ethernet Based Operations List all active Frame Relay Channels Clear all Frame Relay TransportsDelete the specified transport 191Configuration Variables Available Serial Interface ConfigurationWeb Based Configuration of the Frame Relay Channel Clock ModeShow current configuration settings Gain help about the Serial Interface193 Ping and Trace Route Web Interface ConfigurationsPing commands from the CLI Interface 194Start Trace Route ip traceroute start Trace Route from the CLI InterfaceDefine Usage ip traceroute 195Restore Configuration Backup and Restore FeaturesBackup Configuration Ping and traceroute from the web interface