Patton electronic 2621 Router User Manual

Open as PDF

of 133

Intrusion Detection System (IDS) 78

Models 2603, 2621, and 2635 Getting Started Guide 7 • Security

Intrusion Detection System (IDS)

The security feature in the IPLink Router provides protection from a number of attacks. Some attacks cause a

host to be blacklisted (i.e., no trafﬁc from that host is accepted under any circumstances) for a period of time.

Other attacks are simply logged. The subsequent table is a summary of the attacks detected.

1. To enable IDS, click on Enabled for “Intrusion Detection Enabled” on the “Security Interface Conﬁgura-

tion” page. Then click on Change State.

2. Click on Conﬁgure Intrusion Detection...

3. You may choose which of the parameters to conﬁgure and for which value.

– Use Blacklist: Default = 10 minutes when enabled.

If IDS has detected an intrusion an external host, access to the network is denied for ten minutes.

– Use Victim Protection: Default = Disabled.

Victim Protection. When enabled, Victim Protection protects the victim from an attempted spooﬁng attack.

Web spooﬁng allows an attacker to create a ‘shadow’ copy of the world wide web (WWW). All access to the

shadow Web goes through the attacker’s machine, so the attacker can monitor all of the victim’s activities and

send false data to or from the victim’s machine. When enabled, packets destined for the victim host of a spook-

ing style attack are blocked.

– Victim Protection Block Duration: Default = 600 seconds

– DOS Attack Block Duration:Default = 1800 seconds (30 minutes).

A Denial of Service (DOS) attack is an attempt by an attacker to prevent legitimate users from using a service.

If a DOS attack is detected, all suspicious hosts are blocked by the ﬁrewall for a set time limit

– Scan Attack Block Duration:Default = 86400 seconds

Sets the duration for blocking all suspicious hosts. The ﬁrewall detects when the system is being scanned by a

suspicious host attempting to identify any open ports.

Attack Name Protocol

Attacking Host

Blacklisted?

Ascend Kill UDP yes

Echo/Chargen UDP no

Echo Scan UDP yes

WinNuke TCP yes

Xmas Tree Scan TCP yes

IMAP SYN/FIN Scan TCP yes

Smurf ICMP If victim protection set

SYN/FIN/RST Flood TCP If scanning threshold

exceeded

Net Bus Scan TCP yes

Back Oriﬁce Scan UDP yes

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Patton electronic 2621 Router User Manual