Intrusion Detection; Table 34 Ids: Detectable Attacks - ZyXEL Communications ZyXEL Prestige 794M User Manual

Shdsl 4-port internet security gateway

Prestige 794M User's Guide
Table 33 Firewall: Packet Filters: Add Raw Filter (continued)

| LABEL | DESCRIPTION |
|---|---|
| Apply | Click Apply to save the settings and return to the main Packet Filter screen. |
| Return | Click Return to discard all changes and go back to the main Packet Filter screen. |

6.5 Intrusion Detection

The Prestige's Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion
attempts from the Internet. When you enable IDS on the Prestige, inbound packets are filtered
and blocked depending on whether they are detected as possible hacker attacks, intrusion
attempts or other connections that the router determines to be suspicious.

If the Prestige detects a possible attack, the source IP or destination IP address will be added to
the Blacklist. Any further attempts using this IP address will be blocked for the time period
specified in the Block Duration field. The default setting for this function is false (disabled).

Some attack types are denied immediately without using the Blacklist function, such as Land
attack and Echo/CharGen scan.

The following table lists the types of attacks that the IDS is able to detect and the actions
performed.

Table 34 IDS: Detectable Attacks

| NAME | PARAMETER | BLACKLIST | TYPE OF BLOCK DURATION | DROP PACKET | LOG |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Source IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Source IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Des IP is broadcast | Destination IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Source IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Source IP | Scan | Yes | Yes |
| X'mas Tree Scan | TCP Flag: X'mas | Source IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Source IP | Scan | Yes | Yes |
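
The Python below is an added illustration, not ZyXEL firmware code and not part of the manual: it applies the match conditions of Table 34 to simplified packet records and models the Blacklist with a block duration. Assumptions: the `Packet` fields and the `classify` and `Ids` names are hypothetical, X'mas is taken as FIN+PSH+URG, Echo/CharGen Scan is read as UDP between ports 7 and 19, and a blacklisted address matches as either source or destination. Ascend Kill is omitted because the manual does not describe its payload.

```python
from dataclasses import dataclass
ECHO, CHARGEN, IMAP = 7, 19, 143
WINNUKE_PORTS = {135, 137, 138, 139}
XMAS = {"FIN", "PSH", "URG"}  # assumed flag set; the table only says "X'mas"

@dataclass
class Packet:  # simplified, constructed packet record (hypothetical fields)
    proto: str
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()
    icmp_type: int = -1
    dst_broadcast: bool = False

def classify(p):
    """Return (attack name, address to blacklist or None) per Table 34, else None."""
    if p.src == p.dst:
        return ("Land attack", None)          # dropped without blacklisting
    if p.proto == "icmp" and p.icmp_type == 8 and p.dst_broadcast:
        return ("Smurf", p.dst)               # table blacklists the destination IP
    if p.proto == "udp":
        if {p.sport, p.dport} == {ECHO, CHARGEN}:  # assumed reading of the row
            return ("Echo/CharGen Scan", None)
        if p.dport == ECHO:
            return ("Echo Scan", p.src)
        if p.dport == CHARGEN:
            return ("CharGen Scan", p.src)
    if p.proto == "tcp":
        if p.dport in WINNUKE_PORTS and "URG" in p.flags:
            return ("WinNuke", p.src)
        if XMAS <= p.flags:
            return ("X'mas Tree Scan", p.src)
        if {"SYN", "FIN"} <= p.flags and p.dport == IMAP and p.sport in (0, 65535):
            return ("IMAP SYN/FIN Scan", p.src)
    return None

class Ids:
    def __init__(self, block_duration):
        self.block_duration, self.blacklist = block_duration, {}  # seconds; address -> expiry
    def handle(self, p, now):
        """Return 'drop' or 'pass' for one inbound packet seen at time `now`."""
        if any(self.blacklist.get(a, 0) > now for a in (p.src, p.dst)):
            return "drop"                     # still inside the block duration
        hit = classify(p)
        if hit and hit[1]:
            self.blacklist[hit[1]] = now + self.block_duration
        return "drop" if hit else "pass"
```
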
Chapter 6 Firewall