Patton electronic G.SHDSL INTEGRATED 3086 User Manual

Page 127

Advertising
background image

Intrusion Detection System (IDS)

127

Model 3086 G.SHDSL Integrated Access Device User Guide

6 • Security

Sets the duration for blocking all suspicious hosts. The firewall detects when the system is being scanned
by a suspicious host attempting to identify any open ports.

– Victim Protection Block Duration:Default = 600 seconds (10 minutes).


Sets the duration of the block in seconds.

– Maximum TCP Open Handshaking Count:Default = 100


Sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by a
firewall before a SYN Flood is detected. SYN Flood is a DOS attack. When establishing normal TCP
connections, three packets are exchanged: (1) A SYN (synchronize) packet is sent from the host to the
network server. (2) A SYN/ACK packet is sent from the network server to the host. (3) An Ack
(acknowledge) packet is sent from the host to the network server. If the host sends unreachable source
addresses in the SYN packet, the server sends the SYN/ACK packets to the unreachable addresses and
keeps resending them. This creates a backlog queue of unacknowledged SYN/ACK packets. Once the
queue is full, the system will ignore all incoming SYN request and no legitimate TCP connections can
be established.

– Once the maximum number of unfinished TCP handshaking sessions is reached, an attempted DOS

attack is detected. The firewall blocks the suspected attacker for the time limit specified in the DOS
Attack Block Duration parameter.

– Maximum Ping Count:Default = 15


Sets the maximum number of pings per second that are allowed by the firewall before an Echo Storm is
detected. Echo Storm is a DOS attack. An attacker sends oversized ICMP datagrams to the system using
the ‘ping’ command. This can cause the system to crash, freeze, or reboot, resulting in denial of service
to legitimate users.

– Maximum ICMP Count:Default = 100


Sets the maximum number of ICMP packets per second that are allowed by the firewall before an ICMP
Flood is detected. An ICMP Flood is a DOS attack. The attacker tries to flood the network with ICMP
packets in order to prevent transmission of legitimate network traffic.

4. After selecting the chosen parameters, click on Apply.

Advertising
Popular Brands
Popular manuals