Intrusion Detection - Atlantis Land A02-RAV260-W54 User Manual

Voip adsl+ wireless router

Hide thumbs Also See for A02-RAV260-W54:

Technical features (2 pages)

Specification (2 pages)

Specifications (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

page of 121

/ 121
Contents
Table of Contents
Bookmarks

Table of Contents

VoIPMaster 260W

3.6.3.4.3 Intrusion Detection

The router's Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion

attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are

filtered and blocked depending on whether they are detected as possible hacker attacks,

intrusion attempts or other connections that the router determines to be suspicious.

Blacklist: If the router detects a possible attack, the source IP or destination IP address will be

added to the Blacklist. Any further attempts using this IP address will be blocked for the time

period specified as the Block Duration. The default setting for this function is false (disabled).

Some attack types are denied immediately without using the Blacklist function, such as Land

attack and Echo/CharGen scan.

Block Duration:

• DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible

Denial of Service (DoS) attack. Possible DoS attacks this attempts to block include Ascend Kill

and WinNuke. Default value is 1800 seconds.

• Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible

Scan attack. Scan attack types include X'mas scan, IMAP SYN/FIN scan and similar attempts.

Default value is 86400 seconds.

• Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default

value is 600 seconds.

Victim Protection: If enabled, IDS will block Smurf attack attempts. Default is false.

Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood

attempt is occurring or not. Default value is 100 TCP SYN per seconds.

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring

or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not.

Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log.

It cannot protect against such attacks.

Table of Contents

This manual is also suitable for:

Voipmaster 260w

Intrusion Detection - Atlantis Land A02-RAV260-W54 User Manual

3.6.3.4.3 Intrusion Detection

Related Manuals for Atlantis Land A02-RAV260-W54

Related Content for Atlantis Land A02-RAV260-W54

This manual is also suitable for:

Table of Contents