beautypg.com

Huawei DR814Q User Manual

Page 72

background image

User Manual
Aolynk DR814Q ADSL2+ Broadband Router

5 Advanced Configuration

67

Table 5-8 Description of the IDS configuration items

Item

Description

Use Blacklist

Select true or false to enable or disable the blacklist function.
When the external host attacks (Ascend Kill, Echo Scan,
WinNuke, Xmas Tree Scan, IMAP SYN/FIN Scan, SMURF,
TCP SYN Flood, Net Bus Scan and Back Orifice Scan) are
found, these hosts are put into the blacklist and their packets
are filtered out within the set time limit.

Use Victim
Protection

Select true or false to enable or disable the Smurf protection
which protects the DR814Q against attacks caused by pings
with a broadcast address. The attacker may broadcast pings
with the victim’s MAC address as the source MAC address.
Without this protection, hosts in LAN will send response
packets to the victim when receiving these packets, and even
cause the collapse of the victim. With this protection, the
DR814Q will detect and drop ICMP packets sent by the attacker
and continue to do so within a specific time limit.

Victim Protection
Block Duration

Block duration of Web Spoofing (Smurf) attacks on the host. If
the device detects these attacks, it will filter all the ICMP
packets that attack the host and continue to do so within a
specific time limit. The default value is 10 minutes.

DOS Attack Block
Duration

Block duration of DoS attacks on the host. If the DR814Q
detects these attacks, it will filter all the packets that attack the
host and continue to do so within a specific time limit. The
default value is 30 minutes.

DoS attacks will prevent legitimate users from accessing
normal Internet services. The DoS attacks that the device can
detect include Smurf Attack, SYN/FIN/RST Flood, ICMP Flood,
Ping Flood, Ascend Kill, WinNuke Attack and Echo Chargen.

Scan Attack Block
Duration

Block duration of port scanning attacks on the host. If the
DR814Q detects these attacks, it will filter all the packets that
attack the host and continue to do so within a specific time limit.
The default value is 24 hours.

Scan Detection
Threshold

Threshold of port scanning packets. When the DR814Q detects
port scanning packets (such as SYN/ACK, FIN or RST) sent by
a host per second and the number of packets reaches the
threshold, the device regards them as port scanning attacks.

The port scanning attacks that the device can detect include
Echo scan, Xmas Tree scan, IMAP scan, TCP SYN ACK scan,
TCP FIN RST scan, NetBus scan, Back Orifice scan and
SubSeven.Most of port scanning attacks are the Trojan Horse
attack.

Scan Detection
Period

Statistics duration of port scanning. When the device detects
that port scanning continues to reach the set time, the device
will block all the packets that attack the host and continue to do
so within the time limit set in the [Scan Attack Block Duration]
text box.

The default value is 60 seconds.

See also other documents in the category Huawei Hardware: