Billion Electric Company BiPAC 7300GX User Manual

Intrusion Detection.

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log but it will not be able to protect against such attacks.

Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | Src IP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count | | | | Yes |
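
The per-packet rows of the table above can be read as match rules. The following Python sketch is an added example, not code from the manual or the router firmware; the packet dictionary layout, the "established" field, the LAN prefix and the X'mas flag set (FIN+PSH+URG) are assumptions. Rows that need payload inspection or counters (Ascend Kill, SYN/FIN/RST/ACK Scan, SYN Flood) and the Echo/CharGen Scan row are left out.

```python
# Added example, not vendor firmware: per-packet rows of the table as rules.
import ipaddress

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG                # assumption: common X'mas flag set
WINNUKE_PORTS = {135, 137, 138, 139}  # "Port 135, 137~139"
NETBUS_PORTS = {12345, 12346, 3456}   # ports as printed in the table


def classify(pkt, lan="192.168.1.0/24"):
    """Return (intrusion name, address to blacklist or None), or None."""
    proto, flags = pkt["proto"], pkt.get("flags", 0)
    src, dst = pkt["src"], pkt["dst"]
    sport, dport = pkt.get("sport"), pkt.get("dport")
    broadcast = str(ipaddress.ip_network(lan).broadcast_address)

    if src == dst:                                   # Land attack: no blacklist
        return ("Land attack", None)
    if proto == "icmp" and pkt.get("icmp_type") == 8 and dst == broadcast:
        return ("Smurf", dst)                        # blacklist key is Dst IP
    if proto == "tcp":
        if dport in WINNUKE_PORTS and flags & URG:
            return ("WinNuke", src)
        if (flags & XMAS) == XMAS:
            return ("X'mas Tree Scan", src)
        if ((flags & (SYN | FIN)) == (SYN | FIN) and dport == 143
                and sport in (0, 65535)):
            return ("IMAP SYN/FIN Scan", src)
        # "established" is a hypothetical field fed by a connection tracker
        if dport in NETBUS_PORTS and not pkt.get("established", False):
            return ("Net Bus Scan", src)
    if proto == "udp":
        names = {7: "Echo Scan", 19: "CharGen Scan", 31337: "Back Orifice Scan"}
        if dport in names:
            return (names[dport], src)
    return None


if __name__ == "__main__":
    # Constructed sample headers using documentation address ranges
    samples = [
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10",
         "sport": 40000, "dport": 139, "flags": URG | ACK},
        {"proto": "icmp", "src": "198.51.100.9", "dst": "192.168.1.255",
         "icmp_type": 8},
    ]
    for p in samples:
        print(p["src"], "->", p["dst"], classify(p))
```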
