Billion Electric Company 400G User Manual
Billion 400G Router
Chapter 4: Configuration
57
Table 2: Hacker attack types recognized by the IDS
Intrusion Name
Detect Parameter
Blacklist
Type of Block
Duration
Duration
Drop Packet
Show Log
Ascend Kill
Ascend Kill data
Src IP
DoS
Yes
Yes
WinNuke
TCP
Port 135, 137~139,
Flag: URG
Port 135, 137~139,
Flag: URG
Src IP
DoS
Yes
Yes
Smurf
ICMP type 8
Des IP is broadcast
Des IP is broadcast
Dst IP
Victim Protection Yes
Yes
Land attack
SrcIP = DstIP
Yes
Yes
Echo/CharGen Scan
UDP Echo Port and
CharGen Port
CharGen Port
Yes
Yes
Echo Scan
UDP
Dst
Port
=
Echo(7)
Src IP
Scan
Yes
Yes
CharGen Scan
UDP
Dst
Port
=
CharGen(19)
Src IP
Scan
Yes
Yes
X’mas Tree Scan
TCP Flag: X’mas
Src IP
Scan
Yes
Yes
IMAP
SYN/FIN Scan
SYN/FIN Scan
TCP Flag: SYN/FIN
DstPort: IMAP(143)
SrcPort: 0 or 65535
DstPort: IMAP(143)
SrcPort: 0 or 65535
Src IP
Scan
Yes
Yes
SYN/FIN/RST/ACK
Scan
Scan
TCP,
No Existing session
And Scan Hosts more
than five.
No Existing session
And Scan Hosts more
than five.
Src IP
Scan
Yes
Yes
Net Bus Scan
TCP
No Existing session
DstPort = Net Bus
12345,12346, 3456
No Existing session
DstPort = Net Bus
12345,12346, 3456
SrcIP
Scan
Yes
Yes
Back Orifice Scan
UDP, DstPort = Orifice
Port (31337)
Port (31337)
SrcIP
Scan
Yes
Yes
SYN Flood
Max
TCP
Open
Handshaking
Count
(Default 100 c/sec)
Yes
ICMP Flood
Max
ICMP
Count
(Default 100 c/sec)
Yes
ICMP Echo
Max PING Count
(Default 15 c/sec)
(Default 15 c/sec)
Yes
Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP