LevelOne FBR-1461 User Manual

Page 67

For SYN Flood, ICMP Echo Storm and ICMP flood, the IDS only warns the user in the Event Log; it cannot protect against these attacks.

Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Des IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X'mas Tree Scan | TCP Flag: X'mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session And Scan Hosts more than five. | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345,12346, 3456 | SrcIP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | SrcIP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
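
The stateless rows of the table above can be expressed as a header classifier; this Python sketch is an added illustration, not LevelOne's firmware logic and not part of the manual. The packet dict format, the sample addresses, the FIN+PSH+URG definition of X'mas and the reading of the Echo/CharGen row as traffic between ports 7 and 19 are assumptions. Ascend Kill, SYN/FIN/RST/ACK Scan and SYN Flood are left out because they need payload or session state the table does not specify.

```python
import ipaddress

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20  # TCP flag bits
XMAS, SYNFIN = FIN | PSH | URG, SYN | FIN  # XMAS bits assumed; page gives none
WINNUKE_PORTS, NETBUS_PORTS = {135, 137, 138, 139}, {12345, 12346, 3456}

def classify(pkt, lan="192.168.1.0/24"):
    """Return the table's intrusion name for one header dict, or None."""
    if pkt["src"] == pkt["dst"]:
        return "Land attack"
    proto, dport = pkt["proto"], pkt.get("dport")
    if proto == "icmp":
        bcast = str(ipaddress.ip_network(lan).broadcast_address)
        if pkt["type"] == 8 and pkt["dst"] in (bcast, "255.255.255.255"):
            return "Smurf"
    elif proto == "udp":
        if {pkt["sport"], dport} == {7, 19}:  # assumed reading of that row
            return "Echo/CharGen Scan"
        names = {7: "Echo Scan", 19: "CharGen Scan", 31337: "Back Orifice Scan"}
        return names.get(dport)
    elif proto == "tcp":
        flags = pkt["flags"]
        if flags == XMAS:
            return "X'mas Tree Scan"
        if flags & SYNFIN == SYNFIN and dport == 143 and pkt["sport"] in (0, 65535):
            return "IMAP SYN/FIN Scan"
        if flags & URG and dport in WINNUKE_PORTS:
            return "WinNuke"
        if pkt.get("new") and dport in NETBUS_PORTS:  # new = no existing session
            return "Net Bus Scan"
    return None

def p(proto, src, dst, **kw):   # helper to build constructed sample headers
    return dict(proto=proto, src=src, dst=dst, **kw)

WAN, HOST = "203.0.113.5", "192.168.1.10"   # constructed addresses
SAMPLES = [
    p("tcp", WAN, HOST, sport=4000, dport=139, flags=URG | ACK),
    p("icmp", WAN, "192.168.1.255", type=8),
    p("tcp", HOST, HOST, sport=80, dport=80, flags=SYN),
    p("tcp", WAN, HOST, sport=4001, dport=22, flags=XMAS),
    p("tcp", WAN, HOST, sport=65535, dport=143, flags=SYNFIN),
    p("tcp", WAN, HOST, sport=4002, dport=12345, flags=SYN, new=True),
    p("udp", WAN, HOST, sport=4003, dport=31337),
    p("udp", WAN, HOST, sport=19, dport=7),
    p("tcp", WAN, HOST, sport=4004, dport=443, flags=SYN, new=True),
]

def run_samples():
    return [classify(s) for s in SAMPLES]
```

The last sample is an ordinary new HTTPS connection and matches no row, which is the case worth checking when tuning any of these signatures.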
