5 intrusion detection, Table 34 ids: detectable attacks – ZyXEL Communications Prestige 794M User Manual

Prestige 794M User’s Guide
Chapter 6 Firewall
6.5 Intrusion Detection
The Prestige’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion
attempts from the Internet. When you enable IDS on the Prestige, inbound packets are filtered
and blocked depending on whether they are detected as possible hacker attacks, intrusion
attempts or other connections that the router determines to be suspicious.
If the Prestige detects a possible attack, the source IP or destination IP address will be added to
the Blacklist. Any further attempts using this IP address will be blocked for the time period
specified in the Block Duration field. The default setting for this function is false (disabled).
Some attack types are denied immediately without using the Blacklist function, such as Land
attack and Echo/CharGen scan.
The following table lists the types of attacks that the IDS is able to detect and the actions
performed.

Table 33 Firewall: Packet Filters: Add Raw Filter (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Apply | Click Apply to save the settings and return to the main Packet Filter screen. |
| Return | Click Return to discard all changes and go back to the main Packet Filter screen. |

Table 34 IDS: Detectable Attacks

| NAME | PARAMETER | BLACKLIST | TYPE OF BLOCK DURATION | DROP PACKET | LOG |
| --- | --- | --- | --- | --- | --- |
| Ascend Kill | Ascend Kill data | Source IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Source IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Des IP is broadcast | Destination IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Source IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Source IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Source IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Source IP | Scan | Yes | Yes |
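
The rows of Table 34 and the Blacklist behaviour described in section 6.5 can be modelled as the following added example, which is not ZyXEL's code or the Prestige's implementation. The packet dictionaries, the names `classify`, `replay` and `Verdict`, the block durations, the rule order, the X’mas flag set (FIN+PSH+URG) and the reading of the Echo/CharGen row as a packet between ports 7 and 19 are all assumptions; Ascend Kill is omitted because the page does not define its payload.

```python
import ipaddress
from collections import namedtuple

FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20       # TCP flag bits
SYNFIN, XMAS = SYN | FIN, FIN | PSH | URG         # XMAS bit set is an assumption
ECHO, CHARGEN, IMAP = 7, 19, 143                  # ports named in Table 34
Verdict = namedtuple("Verdict", "name blacklist duration")  # blacklist: "src", "dst" or None

def classify(pkt, lan):
    """Match one inbound packet against Table 34; None means no row matched."""
    proto, flags = pkt["proto"], pkt.get("flags", 0)
    sport, dport = pkt.get("sport"), pkt.get("dport")
    if pkt["src"] == pkt["dst"]:                  # denied without the Blacklist
        return Verdict("Land attack", None, None)
    if (proto == "icmp" and pkt.get("icmp_type") == 8
            and ipaddress.ip_address(pkt["dst"]) == lan.broadcast_address):
        return Verdict("Smurf", "dst", "Victim Protection")
    if proto == "udp":
        if {sport, dport} == {ECHO, CHARGEN}:     # assumed reading of this row
            return Verdict("Echo/CharGen Scan", None, None)
        if dport in (ECHO, CHARGEN):
            name = "Echo Scan" if dport == ECHO else "CharGen Scan"
            return Verdict(name, "src", "Scan")
    if proto == "tcp":
        if flags & URG and dport in (135, 137, 138, 139):
            return Verdict("WinNuke", "src", "DoS")
        if flags & SYNFIN == SYNFIN and dport == IMAP and sport in (0, 65535):
            return Verdict("IMAP SYN/FIN Scan", "src", "Scan")
        if flags & XMAS == XMAS:
            return Verdict("X'mas Tree Scan", "src", "Scan")
    return None

def replay(packets, lan, durations):
    """Replay (time, packet) pairs through the IDS; return one action per packet."""
    blacklist, actions = {}, []                   # address -> block expiry time
    for now, pkt in packets:
        if any(blacklist.get(pkt[k], 0) > now for k in ("src", "dst")):
            actions.append("blocked: blacklisted")
            continue
        v = classify(pkt, lan)
        if v and v.blacklist:
            blacklist[pkt[v.blacklist]] = now + durations[v.duration]
        actions.append("drop+log: " + v.name if v else "pass")
    return actions

# Constructed sample (documentation addresses); durations in seconds are assumed.
LAN = ipaddress.ip_network("192.0.2.0/24")
DURATIONS = {"DoS": 1800, "Scan": 600, "Victim Protection": 300}
PROBE = {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "sport": 4000, "dport": 7}
```

Replaying a trace shows the side effect of blacklisting by source address: after one Echo Scan probe, unrelated traffic from the same address is blocked until the Scan block duration expires.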