Billion BiPAC 7404V(G)OX/V(G)PX User Manual page 105

Clear Blacklist: Clear the current blacklist.
Blacklist: Show the blacklist information.
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log.
It cannot protect against such attacks.
Intrusion Name
Ascend Kill
WinNuke
Smurf
Land attack
Echo/CharGen
Scan
Echo Scan
CharGen Scan
X'mas Tree Scan
IMAP
SYN/FIN Scan
SYN/FIN/RST/ACK
Scan
Net Bus Scan
Back Orifice Scan
Table 2: Hacker attack types recognized by the IDS
Detect Parameter
Ascend Kill data
TCP Port
135,
137~139, Flag:
URG
ICMP type 8
Des IP is
broadcast
SrcIP = DstIP
UDP Echo Port and
CharGen Port
UDP Dst Port =
Echo(7)
UDP Dst Port =
CharGen(19)
TCP Flag: X'mas
TCP Flag: SYN/
FIN DstPort:
IMAP(143)
SrcPort: 0 or
65535
TCP,
No Existing session
And Scan Hosts more
than five.
TCP
No Existing
session
DstPort = Net Bus
12345,12346,
3456
UDP, DstPort
= Orifice Port
(31337)
Type of Block
Blacklist
Duration
Src IP DoS
Src IP DoS
Victim
Dst IP
Protection
Src IP Scan
Src IP Scan
Src IP Scan
Src IP Scan
Src IP Scan
SrcIP Scan
SrcIP Scan
100
Drop
Show Log
Packet
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes
Yes Yes