PLANET ADSL VPN / Firewall Router

Intrusion Detection helps protect your local area network (LAN) against malicious attacks such as port scans and Denial-of-Service (DoS) attacks. The purpose of such attacks is to consume the computing resources of your router, or even to bring down the router and the network behind it.

Intrusion Detection also supports a blacklist, which minimizes the system overhead an attack could consume while still protecting the network. The blacklist is empty when the firewall is first enabled. The initiator of a detected attack is blacklisted, that is, added to the blacklist. Whenever the router receives a packet from the Internet, it checks the blacklist first to see whether the sender is listed; if it is, the packet is dropped. A configurable block duration is associated with each type of attack, and the initiator is removed from the list when that duration expires.

Enable: select True to enable intrusion detection. It is strongly recommended to also set "Use Blacklist" and "Use Victim Protection" to True when "Intrusion Detection" is enabled.

Use Blacklist: select True to use the blacklist. If enabled, the addresses of external hosts are added to the blacklist when the router detects an intrusion from them.

Use Victim Protection: select True to use Victim Protection. If enabled, the router protects the internal host currently under attack (the victim) from suspicious traffic.

Victim Protection Duration: after the router has detected that an internal host is being attacked, it records the external host's IP in the blacklist and blocks traffic from that host for this length of time in order to protect the victim.

DoS Attack Block Duration: after a DoS attack is detected, the router records the external host's IP in the blacklist and blocks traffic from that host for this length of time.

Scan Attack Block Duration: after a Scan attack is detected, the router records the external host's IP in the blacklist and blocks traffic from that host for this length of time.

Maximum TCP Open Handshaking Count: sets the maximum number of unfinished TCP handshaking sessions per second. Once the maximum of unfinished TCP
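The following is an added example, not code from the router's firmware or from this manual. It models the blacklist behaviour described above (check the list before anything else, add the initiator with a per-attack-type duration, remove it when the duration expires) together with a simple per-second count of unfinished TCP handshakes as the trigger for a DoS block. The block durations, the handshake limit of 20, the one-second bucketing of the counter and the sample traffic are all assumptions made for the example; the manual does not give the router's defaults or its exact detection rule.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed block durations in seconds for each attack type. The router exposes
# these as "Victim Protection Duration", "DoS Attack Block Duration" and
# "Scan Attack Block Duration"; the defaults are not given on this page.
BLOCK_DURATION = {"victim": 600, "dos": 1800, "scan": 86400}

# Assumed value for "Maximum TCP Open Handshaking Count" (per source, per second).
MAX_OPEN_HANDSHAKES = 20


@dataclass
class Blacklist:
    """Blacklist as described in the manual: ip -> (attack type, expiry time)."""
    durations: Dict[str, int]
    entries: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def add(self, ip: str, attack: str, now: float) -> float:
        expires = now + self.durations[attack]
        self.entries[ip] = (attack, expires)
        return expires

    def is_blocked(self, ip: str, now: float) -> bool:
        entry = self.entries.get(ip)
        if entry is None:
            return False
        if now >= entry[1]:
            # The per-attack-type timer ran out: remove the initiator from the list.
            del self.entries[ip]
            return False
        return True


@dataclass
class HalfOpenCounter:
    """Counts unfinished TCP handshakes per source within each one-second window.

    Assumed detector: a SYN opens a handshake and the client's final ACK closes
    it. The manual only says the count is taken per second, so bucketing by
    integer second is an assumption of this example.
    """
    limit: int
    open_per_window: Dict[Tuple[str, int], int] = field(default_factory=dict)

    def observe(self, src: str, kind: str, now: float) -> bool:
        key = (src, int(now))
        count = self.open_per_window.get(key, 0)
        if kind == "SYN":
            count += 1
        elif kind == "ACK" and count > 0:
            count -= 1
        self.open_per_window[key] = count
        return count > self.limit  # True once the source exceeds the maximum


@dataclass
class Router:
    blacklist: Blacklist
    counter: HalfOpenCounter
    log: List[str] = field(default_factory=list)

    def process(self, src: str, kind: str, now: float) -> str:
        # A packet from the Internet is checked against the blacklist first.
        if self.blacklist.is_blocked(src, now):
            return "drop:blacklisted"
        if self.counter.observe(src, kind, now):
            expires = self.blacklist.add(src, "dos", now)
            self.log.append(f"t={now:.2f} DoS from {src}: blocked until t={expires:.0f}")
            return "drop:dos-detected"
        return "accept"


def simulate() -> Dict[str, int]:
    """Replay constructed traffic and return how many packets got each verdict."""
    router = Router(Blacklist(BLOCK_DURATION), HalfOpenCounter(MAX_OPEN_HANDSHAKES))
    packets = []
    # Constructed sample: a well-behaved client completes each handshake.
    for i in range(5):
        packets.append((10.0 + i * 0.1, "203.0.113.5", "SYN"))
        packets.append((10.0 + i * 0.1 + 0.01, "203.0.113.5", "ACK"))
    # Constructed sample: a SYN flood, 30 half-open handshakes inside one second.
    for i in range(30):
        packets.append((12.0 + i * 0.02, "198.51.100.7", "SYN"))
    # The flooder keeps sending after the block; the client is unaffected.
    packets.append((13.0, "198.51.100.7", "SYN"))
    packets.append((13.5, "203.0.113.5", "SYN"))
    # After the DoS block duration has passed the entry has timed out.
    packets.append((12.0 + BLOCK_DURATION["dos"] + 1, "198.51.100.7", "SYN"))

    verdicts: Dict[str, int] = {}
    for now, src, kind in sorted(packets):
        verdict = router.process(src, kind, now)
        verdicts[verdict] = verdicts.get(verdict, 0) + 1
    for line in router.log:
        print(line)
    return verdicts


if __name__ == "__main__":
    print(simulate())
```

In the replay, the first 20 SYNs from the flooder pass, the 21st trips the limit and blacklists the source, every later packet from it is dropped by the blacklist check alone (no detection work is spent on it, which is the overhead saving the manual mentions), and once the DoS block duration has elapsed the entry is removed and the source is evaluated afresh.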

42