Table of Contents
Advertisement
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event
Log but it will not be able to protect against such attacks.
Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter Blacklist
Ascend Kill
Ascend Kill data
TCP
WinNuke
Port 135, 137~139,
Flag: URG
ICMP type 8
Smurf
Des IP is broadcast
Land attack
SrcIP = DstIP
UDP Echo Port and
Echo/CharGen Scan
CharGen Port
UDP Dst Port =
Echo Scan
Echo(7)
UDP Dst Port =
CharGen Scan
CharGen(19)
X'mas Tree Scan
TCP Flag: X'mas
TCP Flag: SYN/FIN
IMAP
DstPort: IMAP(143)
SYN/FIN Scan
SrcPort: 0 or 65535
TCP,
SYN/FIN/RST/ACK
No Existing session
Scan
And
more than five.
TCP
No Existing session
Net Bus Scan
DstPort = Net Bus
12345,12346, 3456
UDP,
Back Orifice Scan
Orifice Port (31337)
Max
SYN Flood
Handshaking Count
(Default 100 c/sec)
Max ICMP Count
ICMP Flood
(Default 100 c/sec)
Max PING Count
ICMP Echo
(Default 15 c/sec)
Src IP
Src IP
Dst IP
Src IP
Src IP
Src IP
Src IP
Src IP
Scan
Hosts
SrcIP
DstPort
=
SrcIP
TCP
Open
84
Type of Block
Drop Packet Show Log
Duration
DoS
Yes
DoS
Yes
Victim
Yes
Protection
Yes
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Hide quick links:
Advertisement
Table of Contents
