Network Intrusion Detection System (NIDS); NIDS Features; Denial of Service (DoS) Attacks; Reconnaissance - D-Link DFL-500 User Manual

Network Intrusion detection system (NIDS)

The DFL-500 NIDS is a real-time network intrusion detection sensor that can identify a wide variety of
suspicious network traffic including direct attacks, and take action as required. The NIDS uses attack
signatures, stored in the attack database, to identify common attacks. In response to an attack, the NIDS
protects the DFL-500 and the networks connected to it by:
· Dropping the connection
· Blocking packets from the location of the attack
· Blocking network ports, protocols, or services being used by an attack
To notify system administrators of the attack, the NIDS sends alert e-mails to up to three system
administrators.
The attack database functions in a similar manner to an antivirus database. D-Link updates the attack
database periodically. You can download and install attack database updates manually (see Manual attack
database updates). You can also configure the DFL-500 to automatically check for and download attack
database updates (see Automatic antivirus and attack database updates).
This chapter describes:
· NIDS features
· Configuring NIDS detection
· Viewing the attack list
· Configuring NIDS responses

NIDS features

The NIDS protects the DFL-500 and the networks connected to it from the attacks described below:
· Denial of Service (DoS) attacks
· Reconnaissance
· Exploits
· NIDS evasion

Denial of Service (DoS) attacks

Denial of service attacks attempt to deny access to a service or a computer by overloading network links,
overloading the CPU, or filling up disks. The attacker is not trying to gain information, but is simply acting as a
vandal to prevent users from accessing their network resources. The DFL-500 NIDS protects against the
following common DoS attacks:
· Packet floods including Smurf flood, TCP SYN flood, UDP flood, and ICMP flood
· Incorrectly formed packets including Ping of Death, Chargen, Teardrop, Land, and WinNuke
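
The following is an added example, not taken from the D-Link manual or the DFL-500 attack database. It shows how signature checks for the incorrectly formed packets listed above can be written. The packet records, field names, and function names are assumptions made for this illustration, and the sample packets are constructed.

```python
MAX_DATAGRAM = 65535  # largest legal IPv4 datagram (header + data), in bytes
IP_HEADER = 20        # minimum IPv4 header length, assumed for every packet here

def match_signatures(pkt):
    """Return the malformed-packet signatures that one packet record matches."""
    hits = []
    proto = pkt["proto"]
    sport, dport = pkt.get("sport"), pkt.get("dport")
    # Land: source address and port are identical to destination address and port.
    if proto in ("tcp", "udp") and pkt["src"] == pkt["dst"] and sport == dport:
        hits.append("land")
    # Ping of Death: an ICMP fragment that ends beyond the 65535-byte datagram limit.
    if proto == "icmp" and IP_HEADER + pkt.get("frag_offset", 0) + pkt["data_len"] > MAX_DATAGRAM:
        hits.append("ping_of_death")
    # WinNuke: TCP segment with the URG flag set, sent to NetBIOS session port 139.
    if proto == "tcp" and dport == 139 and "URG" in pkt.get("flags", ()):
        hits.append("winnuke")
    # Chargen: UDP traffic that ties the chargen (19) and echo (7) services together.
    if proto == "udp" and {sport, dport} == {7, 19}:
        hits.append("chargen")
    return hits

def has_overlap(fragments):
    """Teardrop: True if any (offset, length) fragments of one datagram overlap."""
    end = 0
    for offset, length in sorted(fragments):
        if offset < end:
            return True
        end = max(end, offset + length)
    return False

# Constructed sample packets (documentation addresses from 192.0.2.0/24).
SAMPLES = [
    {"proto": "tcp", "src": "192.0.2.5", "dst": "192.0.2.5", "sport": 80, "dport": 80,
     "flags": ("SYN",)},
    {"proto": "icmp", "src": "192.0.2.9", "dst": "192.0.2.5", "frag_offset": 65528,
     "data_len": 1480},
    {"proto": "tcp", "src": "192.0.2.9", "dst": "192.0.2.5", "sport": 40000, "dport": 139,
     "flags": ("URG", "PSH")},
    {"proto": "udp", "src": "192.0.2.9", "dst": "192.0.2.5", "sport": 7, "dport": 19},
    {"proto": "icmp", "src": "192.0.2.9", "dst": "192.0.2.5", "data_len": 64},
]

def scan(packets):
    """Run every signature over a list of packet records."""
    return [match_signatures(p) for p in packets]

if __name__ == "__main__":
    for pkt, hits in zip(SAMPLES, scan(SAMPLES)):
        print(pkt["proto"], pkt["src"], "->", pkt["dst"], hits or "clean")
```

Teardrop needs the fragments of one datagram collected together, so it is checked separately with `has_overlap` instead of per packet.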

Reconnaissance

Reconnaissance attacks attempt to gain information about a computer network in preparation for an attempt
to break into it. Using the information gained, an attacker can identify and attack specific vulnerabilities. The
DFL-500 NIDS protects against the following common reconnaissance attacks:
· Fingerprinting
· Ping Sweeps
· Port Scans