Billion Electric Company BIPAC 8500 User Manual
Page 65
Billion BIPAC-8500 / 8520 SHDSL VPN Firewall Bridge / Router
Chapter 4: Configuration
Max PING Count
: This is a threshold value to decide whether an ICMP Echo Storm is
occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Max ICMP Count
: This is a threshold to decide whether an ICMP flood is occurring or not.
Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event
Log. It cannot protect against such attacks.
Table 2: Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter Blacklist
Type of
Block
Duration
Drop
Packet
Show Log
Ascend Kill
Ascend Kill data
Src IP
DoS
Yes
Yes
WinNuke
TCP
Port 135, 137~139,
Flag: URG
Src IP
DoS
Yes
Yes
Smurf
ICMP type 8
Des IP is broadcast
Dst IP
Victim
Protection
Yes Yes
Land attack
SrcIP = DstIP
Yes
Yes
Echo/CharGen Scan
UDP Echo Port and
CharGen Port
Yes
Yes
Echo Scan
UDP Dst Port =
Echo(7)
Src IP
Scan
Yes
Yes
CharGen Scan
UDP Dst Port =
CharGen(19)
Src IP
Scan
Yes
Yes
X’mas Tree Scan
TCP Flag: X’mas
Src IP
Scan
Yes
Yes
IMAP
SYN/FIN Scan
TCP Flag: SYN/FIN
DstPort: IMAP(143)
SrcPort: 0 or 65535
Src IP
Scan
Yes
Yes
SYN/FIN/RST/ACK
Scan
TCP,
No Existing session
And Scan Hosts
more than five.
Src IP
Scan
Yes
Yes
Net Bus Scan
TCP
No Existing session
DstPort = Net Bus
12345,12346, 3456
SrcIP Scan
Yes
Yes
Back Orifice Scan
UDP, DstPort =
Orifice Port (31337)
SrcIP Scan
Yes
Yes
SYN Flood
Max TCP Open
Handshaking Count
(Default 100 c/sec)
Yes
ICMP Flood
Max ICMP Count
(Default 100 c/sec)
Yes
ICMP Echo
Max PING Count
(Default 15 c/sec)
Yes
Src IP
: Source IP
Src
Port
: Source Port
Dst Port
: Destination Port
Dst IP
: Destination IP
61