Table of Contents
Advertisement
Table 2: Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter
Ascend Kill
Ascend Kill data
TCP
WinNuke
Port 135, 137~139,
Flag: URG
ICMP type 8
Smurf
Des IP is broadcast
Land attack
SrcIP = DstIP
UDP Echo Port and
Echo/CharGen Scan
CharGen Port
UDP Dst
Echo Scan
Echo(7)
UDP Dst
CharGen Scan
CharGen(19)
X'mas Tree Scan
TCP Flag: X'mas
TCP Flag: SYN/FIN
IMAP
DstPort: IMAP(143)
SYN/FIN Scan
SrcPort: 0 or 65535
TCP,
SYN/FIN/RST/ACK
No Existing session
Scan
And
more than five.
TCP
No Existing session
Net Bus Scan
DstPort = Net Bus
12345,12346, 3456
UDP,
Back Orifice Scan
Orifice Port (31337)
Max
SYN Flood
Handshaking Count
(Default 100 c/sec)
Max ICMP Count
ICMP Flood
(Default 100 c/sec)
Max PING Count
ICMP Echo
(Default 15 c/sec)
Src IP: Source IP
Dst Port: Destination Port
Chapter 4: Configuration
Blacklist
Src IP
Src IP
Dst IP
Port =
Src IP
Port =
Src IP
Src IP
Src IP
Src IP
Scan
Hosts
SrcIP
DstPort
=
SrcIP
TCP
Open
Src Port: Source Port
Dst IP: Destination IP
Type of Block
Drop Packet Show Log
Duration
DoS
Yes
DoS
Yes
Victim
Yes
Protection
Yes
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Scan
Yes
Billion 800VGT Router
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
65
Advertisement
Table of Contents
