Intrusion Detection System (IDS) - Patton electronics IPLink 2603 Getting Started Manual

Iplink series high speed routers

Models 2603, 2621, and 2635 Getting Started Guide

Intrusion Detection System (IDS)

The security feature in the IPLink Router provides protection from a number of attacks. Some attacks cause a host to be blacklisted (i.e., no traffic from that host is accepted under any circumstances) for a period of time. Other attacks are simply logged. The following table summarizes the attacks detected.

| Attack Name | Protocol | Attacking Host Blacklisted? |
|---|---|---|
| Ascend Kill | UDP | yes |
| Echo/Chargen | UDP | no |
| Echo Scan | UDP | yes |
| WinNuke | TCP | yes |
| Xmas Tree Scan | TCP | yes |
| IMAP SYN/FIN Scan | TCP | yes |
| Smurf | ICMP | If victim protection set |
| SYN/FIN/RST Flood | TCP | If scanning threshold exceeded |
| Net Bus Scan | TCP | yes |
| Back Orifice Scan | UDP | yes |

1. To enable IDS, click on Enabled for "Intrusion Detection Enabled" on the "Security Interface Configuration" page. Then click on Change State.
2. Click on Configure Intrusion Detection...
3. You may choose which parameters to configure and what value to set for each.
– Use Blacklist: Default = 10 minutes when enabled.
If IDS has detected an intrusion from an external host, access to the network is denied for ten minutes.
– Use Victim Protection: Default = Disabled.
When enabled, Victim Protection protects the victim from an attempted spoofing attack. Web spoofing allows an attacker to create a 'shadow' copy of the world wide web (WWW). All access to the shadow Web goes through the attacker's machine, so the attacker can monitor all of the victim's activities and send false data to or from the victim's machine. When enabled, packets destined for the victim host of a spoofing-style attack are blocked.
– Victim Protection Block Duration: Default = 600 seconds
– DOS Attack Block Duration: Default = 1800 seconds (30 minutes).
A Denial of Service (DOS) attack is an attempt by an attacker to prevent legitimate users from using a service. If a DOS attack is detected, all suspicious hosts are blocked by the firewall for a set time limit.
– Scan Attack Block Duration: Default = 86400 seconds
Sets the duration for blocking all suspicious hosts. The firewall detects when the system is being scanned by a suspicious host attempting to identify any open ports.
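
The table's "Attacking Host Blacklisted?" column and the 10-minute "Use Blacklist" default, modelled as an added example; this is not Patton's firmware or code from this manual. The signatures in classify() are the commonly documented forms of four of the listed attacks and are assumptions, as are the names Packet, Ids and demo and the constructed traffic.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src proto sport dport flags", defaults=(0,))
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20   # TCP flag bits
BLACKLIST_SECONDS = 10 * 60   # "Use Blacklist" default from the page

# "Attacking Host Blacklisted?" column of the table, for four of its rows
BLACKLISTS_HOST = {"Echo/Chargen": False, "WinNuke": True,
                   "Xmas Tree Scan": True, "IMAP SYN/FIN Scan": True}

def classify(p):
    """Name the matching attack or return None (signatures are assumptions)."""
    if p.proto == "UDP" and {p.sport, p.dport} == {7, 19}:
        return "Echo/Chargen"        # echo and chargen ports paired
    if p.proto == "TCP":
        if p.flags & (FIN | PSH | URG) == (FIN | PSH | URG):
            return "Xmas Tree Scan"
        if p.dport == 143 and p.flags & (SYN | FIN) == (SYN | FIN):
            return "IMAP SYN/FIN Scan"
        if p.dport == 139 and p.flags & URG:
            return "WinNuke"         # urgent data to the NetBIOS session port
    return None

class Ids:
    def __init__(self):
        self.blocked_until = {}      # src -> time the blacklist entry expires
        self.log = []                # (ts, src, attack) for every detection

    def handle(self, p):
        """Return 'blocked', 'blacklisted', 'logged' or 'ok' for one packet."""
        if self.blocked_until.get(p.src, 0) > p.ts:
            return "blocked"         # blacklisted host: nothing is accepted
        attack = classify(p)
        if attack is None:
            return "ok"
        self.log.append((p.ts, p.src, attack))
        if BLACKLISTS_HOST[attack]:
            self.blocked_until[p.src] = p.ts + BLACKLIST_SECONDS
            return "blacklisted"
        return "logged"

def demo():
    ids, a, b = Ids(), "203.0.113.5", "198.51.100.7"   # constructed traffic
    pkts = [Packet(0, a, "TCP", 40000, 80, FIN | PSH | URG),
            Packet(30, a, "TCP", 40001, 80, SYN),
            Packet(40, b, "UDP", 7, 19),
            Packet(41, b, "TCP", 40002, 80, SYN),
            Packet(600, a, "TCP", 40003, 80, SYN)]
    return [ids.handle(p) for p in pkts], ids.log
```

In the constructed run, the scanning host loses all access until its entry expires at 600 seconds, while the Echo/Chargen source is only logged and its next packet is still accepted.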

This manual is also suitable for: Iplink 2621, Iplink 2635