Billion Electric Company BIPAC 8500 ユーザーズマニュアル

Billion BIPAC-8500 / 8520 SHDSL VPN Firewall Bridge / Router

Chapter 4: Configuration

Max PING Count

: This is a threshold value to decide whether an ICMP Echo Storm is

occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count

: This is a threshold to decide whether an ICMP flood is occurring or not.

Default value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event
Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Intrusion Name

Detect Parameter Blacklist

Type of

Block

Duration

Drop

Packet

Show Log

Ascend Kill

Ascend Kill data

Src IP

DoS

Yes

WinNuke

TCP

Port 135, 137~139,

Flag: URG

Src IP

DoS

Yes

Smurf

ICMP type 8

Des IP is broadcast

Dst IP

Victim

Protection

Yes Yes

Land attack

SrcIP = DstIP

Yes

Echo/CharGen Scan

UDP Echo Port and

CharGen Port

Yes

Echo Scan

UDP Dst Port =

Echo(7)

Src IP

Scan

Yes

CharGen Scan

UDP Dst Port =

CharGen(19)

Src IP

Scan

Yes

X’mas Tree Scan

TCP Flag: X’mas

Src IP

Scan

Yes

IMAP

SYN/FIN Scan

TCP Flag: SYN/FIN

DstPort: IMAP(143)
SrcPort: 0 or 65535

Src IP

Scan

Yes

SYN/FIN/RST/ACK

Scan

TCP,

No Existing session

And Scan Hosts

more than five.

Src IP

Scan

Yes

Net Bus Scan

TCP

No Existing session

DstPort = Net Bus

12345,12346, 3456

SrcIP Scan

Yes

Back Orifice Scan

UDP, DstPort =

Orifice Port (31337)

SrcIP Scan

Yes

SYN Flood

Max TCP Open

Handshaking Count

(Default 100 c/sec)

Yes

ICMP Flood

Max ICMP Count

(Default 100 c/sec)

Yes

ICMP Echo

Max PING Count

(Default 15 c/sec)

Yes

Src IP

: Source IP

Src

Port

: Source Port

Dst Port

: Destination Port

Dst IP

: Destination IP