Intrusion Detection - Billion BiPAC 7402G User Manual

Intrusion Detection

The router's Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts
from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked
depending on whether they are detected as possible hacker attacks, intrusion attempts or other
connections that the router determines to be suspicious.
Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to
the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the
Block Duration. The default setting for this function is false (disabled). Some attack types are denied
immediately without using the Blacklist function, such as Land attack and Echo/CharGen scan.
Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false.
Block Duration:
Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default
value is 600 seconds.
Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible
Scan attack. Scan attack types include X'mas scan, IMAP SYN/FIN scan and similar attempts.
Chapter 4: Configuration
3G / ADSL2+ (802.11g) (VPN) Firewall Router
65