Intrusion Detection
The router Intrusion Detection System (IDS) is used to detect hacker’s attack and intrusion
attempts from the Internet. If the IDS function of the rewall is enabled, inbound packets are
ltered and blocked depending on whether they are detected as possible hacker attacks, intrusion
attempts or other connections that the router determines to be suspicious.
Blacklist: If the router detects a possible attack, the source IP or destination IP address will be
added to the Blacklist. Any further attempts using this IP address will be blocked for the time
period specied as Block Duration. Default setting for this function is false (disabled). Some
attack types are denied immediately without using the Blacklist function, such as Land attack and
Echo/CharGen scan.
Intrusion Detection: Check Enable if you wish to detect intruders accessing your computer
without permission.
Block Duration:
• Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default
value is 600 seconds.
• Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible
Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts.
Default value is 86400 seconds.
• DOS Attack Block Duration: This is the duration for blocking hosts that attempt a possible
Denial of Service (DoS) attack. Possible DoS attacks this attempts to block include Ascend Kill
and WinNuke. Default value is 1800 seconds.
Maximum TCP Open Handshaking Count: This is a threshold value to decide whether a SYN
Flood attempt is occurring or not. Default value is 100 TCP SYN per seconds.
Maximum Ping Count: This is a threshold value to decide whether an ICMP Echo Storm is
occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Maximum ICMP Count: This is a threshold to decide whether an ICMP ood is occurring or not.
Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).
For SYN Flood, ICMP Echo Storm and ICMP ood, IDS will just warn the user in the Event Log. It
cannot protect against such attacks.
Click Apply to conrm the settings.
98
To Next Page
Loading...
Need help?
General
