Zhone 1752 shdsl ユーザーズマニュアル

    

 

The values displayed on the Firewall Configure Intrusion Detection page are the default 
values. 

2 .Configure Intrusion Detection as follows:  

a. Use Blacklist. Select true or false depending on whether you want external hosts to be 
blacklisted if the Firewall detects an intrusion from that host. Click on the Clear Blacklist 
button at the bottom of the page to clear blacklisting of an external host. 

The Security Interface Configuration page is displayed. 

b. Use Victim Protection. Select true or false depending on whether you want to protect a 
victim from an attempted web spoofing attack. 

c. DOS Attack Block Duration. Type the length of time (in seconds) that the Firewall blocks 
suspicious hosts for once a DOS attack attempt has been detected. 

d. Scan Attack Block Duration. Type the length of time (in seconds) that the Firewall blocks 
suspicious hosts for after it has detected scan activity. 

e. Victim Protection Block Duration. Type the length of time (in seconds) that the Firewall 
blocks packets destined for the victim of a spoofing style attack. 

f. Maximum TCP Open Handshaking Count. Type in the maximum number of unfinished TCP 
handshaking sessions (per second) that are allowed by Firewall before a SYN Flood is 
detected. 

g. Maximum Ping Count. Type in the maximum number of pings (per second) that are 
allowed before the Firewall detects an Echo Storm DOS attack. 

h. Maximum ICMP Count. Type in the maximum number of ICMP packets (per second) that 
are allowed by the Firewall before an ICMP Flood DOS is detected. 

3. Once you have configured Intrusion Detection, click on

. The Intrusion Detection 

settings are applied to the Firewall, and the Security Interface Configuration page is displayed. 

62                                                                              June 2005                                                              1752-A2-GB20-00