Table of Contents
Advertisement
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the
Event Log but it will not be able to protect against such attacks
Hacker attack types recognized by the IDS
Intrusion Name
Ascend Kill
WinNuke
Smurf
Land attack
Echo/CharGen
Scan
Echo Scan
CharGen Scan
X'mas Tree Scan
IMAP
SYN/FIN Scan
SYN/FIN/RST/ACK
Scan
Net Bus Scan
Back Orifice Scan
SYN Flood
Detect Parameter
Ascend Kill data
TCP
Port135, 137~139,
Flag: URG
ICMP type 8
Des IP is broadcast
SrcIP = DstIP
UDP Echo Port and
CharGen Port
UDP Dst Port =
Echo(7)
UDP Dst Port =
CharGen(19)
TCP Flag: X‟mas
TCP Flag: SYN/FIN
DstPort: IMAP(143)
SrcPort: 0 or 65535
TCP,
No Existing session
And Scan Hosts more
than five.
TCP
No Existing session
DstPort = Net Bus
12345,12346, 3456
UDP, DstPort = Orifice
Port (31337)
Max TCP Open
Handshaking Count
(Default 100 c/sec)
Type of
Blacklist
Block
Duration
Src IP
DoS
Src IP
DoS
Victim
Dst IP
Protection
Src IP
Scan
Src IP
Scan
Src IP
Scan
Src IP
Scan
Src IP
Scan
SrcIP
Scan
SrcIP
Scan
101
Drop
Show
Packet
Log
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Advertisement
Table of Contents
