Exploits; Nids Evasion; Configuring Nids Detection - D-Link DFL-500 User Manual


· Buffer overflows including SMTP VRFY and SMTP EXPN
· Account Scans
· OS Identification

Exploits

Exploits are attempts to take advantage of features or bugs to gain unauthorized access to a computer or
network. The DFL-500 NIDS protects against the following common exploits:
· Brute Force Attack
· CGI Scripts including Phf, EWS, info2www, TextCounter, GuestBook, Count.cgi, handler, webdist.cgi, php.cgi, files.pl, nph-test-cgi, nph-publish, AnyForm, and FormMail
· Web Server Attacks
· Web Browser Attacks including URL, HTTP, HTML, JavaScript, Frames, Java, and ActiveX
· SMTP (SendMail) Attack
· IMAP/POP
· Buffer Overflow
· DNS Attacks including Bind and Cache
· IP Spoofing
· Trojan Horse attacks including BackOrifice 2K, IniKiller, Netbus, NetSpy, Priority, Ripper, Striker, and SubSeven

NIDS evasion

As attackers become more sophisticated, they develop techniques to evade NIDS. The DFL-500 NIDS can
detect and counter the following NIDS evasion techniques:
· Signature spoofing
· Signature encoding
· IP fragmentation
· TCP/UDP disassembly

Configuring NIDS detection

To select the interface for which the NIDS monitors network traffic and to set whether or not the NIDS verifies
checksums:
· Go to NIDS > Detection > General.
· For Monitored Interface, select the interface the NIDS monitors for network attacks. You can select only
  one interface. Selecting none stops NIDS monitoring.
· For Checksum Verification, check the type of traffic on which to run checksum verifications.
  Checksum verification verifies that files passing through the DFL-500 have not been altered. The NIDS
  can run checksum verifications on IP, TCP, UDP, and ICMP traffic. For maximum protection, you can turn
  on checksum verification for all types of traffic. However, if the DFL-500 does not need to do checksum
  verification, you can turn it off for some or all types of traffic to improve performance. You may not need to
  run checksum verifications if your DFL-500 is installed behind a router that also does checksum
  verification.
· Select Apply to save your changes.
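
The checksums that IP, TCP, UDP, and ICMP carry are the RFC 1071 Internet checksum. The following added example (not code from D-Link or the DFL-500 firmware) shows how a per-layer verification of one IPv4 packet works, assuming this is the check the Checksum Verification setting refers to. The function names and the sample packet are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"  # odd length is padded with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def verify_packet(pkt: bytes) -> dict:
    """Return per-layer checksum results for one IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    proto = pkt[9]
    payload = pkt[ihl:total_len]
    # A valid checksum makes the sum over the covered bytes come out as 0.
    result = {"ip": inet_checksum(pkt[:ihl]) == 0}
    if proto in (6, 17):  # TCP and UDP checksums also cover a pseudo-header
        pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(payload))
        name = "tcp" if proto == 6 else "udp"
        if proto == 17 and payload[6:8] == b"\x00\x00":
            result[name] = True  # UDP over IPv4: zero means "no checksum sent"
        else:
            result[name] = inet_checksum(pseudo + payload) == 0
    elif proto == 1:  # the ICMP checksum covers the ICMP message only
        result["icmp"] = inet_checksum(payload) == 0
    return result

def build_udp(src: bytes, dst: bytes, sport: int, dport: int, data: bytes) -> bytes:
    """Constructed sample: a minimal IPv4/UDP packet with correct checksums."""
    ulen = 8 + len(data)
    pseudo = src + dst + struct.pack("!BBH", 0, 17, ulen)
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + data
    ucsum = inet_checksum(pseudo + udp) or 0xFFFF  # a computed 0 is sent as 0xFFFF
    udp = udp[:6] + struct.pack("!H", ucsum) + udp[8:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + ulen, 1, 0, 64, 17, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp

# Constructed packets using documentation addresses (192.0.2.0/24).
GOOD = build_udp(bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]), 40000, 53, b"constructed")
BAD = GOOD[:-1] + bytes([GOOD[-1] ^ 0xFF])  # payload altered after checksumming

if __name__ == "__main__":
    print("good:", verify_packet(GOOD))
    print("bad: ", verify_packet(BAD))
```

Each layer is reported separately because the IP checksum covers only the IP header, so a packet with an altered payload still passes the IP check and fails only at the UDP (or TCP/ICMP) layer.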