Atlantis Land WEBSHARE 3G 244WN User Manual

91

Victim Protection

Block Duration

This is the duration for blocking Smurf attacks. Default value is

600 seconds.

Scan Attach Block

Duration

This is the duration for blocking hosts that attempt a possible

Scan attack. Scan attack types include X’mas scan, IMAP

SYN/FIN scan and similar attempts. Default value is 86400

seconds.

DOS Attack Block

Duration

This is the duration for blocking hosts that attempt a possible

Denial of Service (DoS) attack. Possible DoS attacks this

attempts to block include Ascend Kill and WinNuke. Default

value is 1800 seconds.

Maximum TCP

Open Handshaking

Count

This is a threshold value to decide whether a SYN Flood

attempt is occurring or not. Default value is 100 TCP SYN per

seconds

Maximum Ping

Count

This is a threshold value to decide whether an ICMP Echo

Storm is occurring or not. Default value is 15 ICMP Echo

Requests (PING) per second.

Maximum ICMP

Count

This is a threshold to decide whether an ICMP flood is occurring

or not. Default value is 100 ICMP packets per seconds except

ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the

Event Log. It cannot protect against such attacks.

Intrusion Name

Detect

Parameter

Blacklist

Type of

Block

Duration

Drop

Packet

Show

Log

Ascend Kill

Ascend Kill data Src IP

DoS

Yes

Yes

WinNuke

TCP

Port 135,

137~139, Flag:

URG

Src IP

DoS

Yes

Yes