ZyXEL Communications 794M 6.5 Intrusion Detection, Block Duration

Prestige 794M User’s Guide

Table 33 Firewall: Packet Filters: Add Raw Filter (continued)

LABEL	DESCRIPTION

Apply	Click Apply to save the settings and return to the main Packet Filter screen.

Return	Click Return to discard all changes and go back to the main Packet Filter screen.

6.5 Intrusion Detection

The Prestige’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. When you enable IDS on the Prestige, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

If the Prestige detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified in the Block Duration field. The default setting for this function is false (disabled). Some attack types are denied immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.

The following table lists the types of attacks that the IDS is able to detect and the actions performed.

Table 34 IDS: Detectable Attacks

NAME	PARAMETER	BLACKLIST	TYPE OF BLOCK	DROP PACKET	LOG
			DURATION
Ascend Kill	Ascend Kill data	Source IP	DoS	Yes	Yes

WinNuke	TCP	Source IP	DoS	Yes	Yes
	Port 135, 137~139,
	Flag: URG

Smurf	ICMP type 8	Destination	Victim Protection	Yes	Yes
	Des IP is broadcast	IP
	Des IP is broadcast

Land attack	SrcIP = DstIP			Yes	Yes

Echo/	UDP Echo Port and			Yes	Yes
CharGen	CharGen Port
Scan
Echo Scan	UDP Dst Port =	Source IP	Scan	Yes	Yes
	Echo(7)
CharGen	UDP Dst Port =	Source IP	Scan	Yes	Yes
Scan	CharGen(19)
X’mas Tree	TCP Flag: X’mas	Source IP	Scan	Yes	Yes
Scan
IMAP	TCP Flag: SYN/FIN	Source IP	Scan	Yes	Yes
SYN/FIN	DstPort: IMAP(143)
Scan	SrcPort: 0 or 65535
	SrcPort: 0 or 65535

71	Chapter 6 Firewall

Contents

User’s Guide Copyright Disclaimer Trademarks Federal Communications Commission (FCC) Interference Statement Notice Certifications Safety Warnings ZyXEL Limited Warranty Note Safety Warnings Customer Support Page Table of Contents Page Page QoS (Quality of Service) Static Route Page Page List of Figures Page List of Tables Page Preface About This User's Guide Related Documentation User Guide Feedback Syntax Conventions Graphics Icons Key Introduction 1.1 About Your Prestige 1.2 Features Multi-ModeStandard 10/100M Auto-negotiatingEthernet/Fast Ethernet Interface(s) Multiplexing Full Network Management Universal Plug and Play (UPnP) Network Address Translation (NAT) Firewall 1.3 Applications 1.3.1 Internet Access 1.3.2 Firewall for Secure Broadband Internet Access 1.3.3 VPN Application 1.3.4 LAN-to-LANApplication 1.4 Hardware Connection 1.4.1 Front Panel 1.5 Rear Panel The Web Configurator 2.1 Overview 2.2Accessing the Web Configurator 2.3 Resetting the Prestige 2.3.1 Procedure To Use The Reset Button 2.4Navigating the Web Configurator 2.4.1 The Status Screen 2.5System Status 2.6 ARP Table 2.6.1 How ARP Works 2.7 Routing Table 2.7.1 PPTP Status 2.7.2 IPSec Status 2.7.3 L2TP Status 2.7.4 Email Status 2.7.5 Event Log 2.7.6 Error Log 2.7.7 NAT Sessions 2.8 Internet Access Quick Start Setup Page 2.8.1 Auto Scan LAN 3.1 Overview 3.2 LAN TCP/IP 3.2.1 Factory LAN Defaults 3.2.2 IP Address and Subnet Mask 3.3The Ethernet Screen 3.4 Ethernet Client Filter 3.4.1 Ethernet Client Filter Candidates 3.5 Port Setting 3.6 DHCP 3.6.1 IP Pool Setup 3.6.2 DNS Servers 3.6.3DHCP Setup 3.6.3.1 Disable DHCP 3.6.3.2 DHCP Server Setup Page 3.6.4 DHCP Relay Agent DHCP Relay WAN 4.1 Overview 4.1.1 Encapsulation Types 4.1.1.1 RFC 4.1.1.2 PPPoE 4.2 ISP 4.2.1 Edit Settings 4.2.1.1 Advanced PPP Options Page 4.2.2 Change Connection Type 4.3DNS 4.4 SHDSL Parameters Table 25 SHDSL Page System 5.1 Overview 5.2 Time Zone 5.3 Remote Access 5.4 Firmware Upgrade 5.5Backup/Restore 5.6 Restart Router 5.7 User Management 5.7.1 Create a New User Account Page Firewall 6.1 Overview 6.2 Types of Firewalls 6.2.1Packet Filtering Firewalls 6.2.2 Application-levelFirewalls 6.2.3Stateful Inspection Firewalls 6.3 General Settings 6.4 Packet Filter Policy Firewall: General Settings 6.4.1 Add a New TCP/UDP Packet Filter 6.4.2 Add a New Raw Packet Filter 6.5 Intrusion Detection Intrusion Detection 6.6 URL Filter 6.6.1 Keywords Filtering 6.6.2 Domain Filtering 6.7 Firewall Log Page VPN 7.1 Overview 7.2 PPTP 7.2.1 PPTP Summary 7.2.2 Creating a PPTP VPN Rule 7.2.2.1 Remote Access Connection Page 7.2.2.2 LAN to LAN Connection Page 7.3 IPSec 7.3.1 AH (Authentication Header) 7.3.2 ESP (Encapsulating Security Payload) 7.3.3 Perfect Forward Secrecy (PFS) 7.3.4 Pre-SharedKey 7.3.5 IPSec VPN Summary 7.3.6 IPSec VPN Configuration Page 7.4 L2TP 7.4.1 Creating a New L2TP Rule 7.4.1.1 Remote Access L2TP Connection Page 7.4.1.2 LAN to LAN L2TP Connection Page Page 7.5 VPN Example 7.5.1 Example: Remote PPTP VPN Dial-inConnection 7.5.2 Example: Remote PPTP VPN Dial-outConnection MUST QoS (Quality of Service) 8.1 Overview 8.1.1 Prioritization Page 8.2 IP Throttling Page 8.3 QoS Example 8.3.1 Example Prioritization with QoS 8.3.2 Rate Limiting with IP Throttling Example 8.4 Time Schedule 8.4.1 Configuring a Time Schedule Page Static Route 9.1 Overview 9.2 Configuration Page Dynamic DNS 10.1 Overview 10.1.1 Configuration Page Check Emails 11.1 Overview 11.2 Configuring Page Device Management 12.1 Overview 12.1.1 Universal Plug and Play (UPnP) 12.1.1.1 How do I know if I'm using UPnP 12.1.1.2 Cautions with UPnP 12.1.2.1SNMPv3 12.1.2.2 SNMP Traps and MIBs 12.2 The Device Management Screen WAN Page 12.3 IGMP Numerics Index