Table of Contents
Advertisement
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log but it
will not be able to protect against such attacks.
Hacker attack types recognized by the IDS
Intrusion Name
Ascend Kill
WinNuke
Smurf
Land attack
Echo/CharGen Scan
Echo Scan
CharGen Scan
X'mas Tree Scan
IMAP
SYN/FIN Scan
SYN/FIN/RST/ACK
Scan
Net Bus Scan
Back Orifice Scan
SYN Flood
ICMP Flood
ICMP Echo
Src IP: Source IP
Dst Port: Destination Port
Detect Parameter Blacklist
Ascend Kill data
Src IP
TCP
Port 135, 137~139,
Src IP
Flag: URG
ICMP type 8
Dst IP
Des IP is broadcast
SrcIP = DstIP
UDP Echo Port and
CharGen Port
UDP Dst Port =
Src IP
Echo(7)
UDP Dst Port =
Src IP
CharGen(19)
TCP Flag: X'mas
Src IP
TCP Flag: SYN/FIN
DstPort: IMAP(143)
Src IP
SrcPort: 0 or 65535
TCP,
No Existing session
Src IP
And
Scan
Hosts
more than five.
TCP
No Existing session
SrcIP
DstPort = Net Bus
12345,12346, 3456
UDP,
DstPort
=
SrcIP
Orifice Port (31337)
Max
TCP
Open
Handshaking Count
(Default 100 c/sec)
Max ICMP Count
(Default 100 c/sec)
Max PING Count
(Default 15 c/sec)
Src Port: Source Port
Dst IP: Destination IP
Type of Block
Duration
DoS
DoS
Victim
Protection
Scan
Scan
Scan
Scan
Scan
Scan
Scan
111
Drop Packet Show Log
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Advertisement
Table of Contents
