Security command reference
Security
4-99
iMG/RG Software Reference Manual (IPNetwork Functions)
Options
The following table gives the range of values for each option that can be specified with
this command and a default value (if applicable).

Option      Description                                                        Default Value
duration    The length of time (in seconds) that suspicious hosts are          1800 (30 minutes)
            blocked for once a malicious attack attempt has been detected.

Example
--> security set IDS MaliciousAttackBlock 3600

4.2.7.1.49 SECURITY SET IDS MAXICMP
Syntax
SECURITY SET IDS MAXICMP <MAX>
Description
This command sets the maximum number of ICMP packets per second that are allowed
before an ICMP Flood is detected. An ICMP Flood is a DoS (Denial of Service) attack: the
attacker floods the network with ICMP packets so that legitimate network traffic cannot get
through. Once the maximum number of ICMP packets per second is exceeded, an attempted
ICMP Flood is detected.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         The maximum number (per second) of ICMP packets that are           100
            allowed before an ICMP Flood attempt is detected.

Example
--> security set IDS MaxICMP 200

4.2.7.1.50 SECURITY SET IDS MAXPING
Syntax
SECURITY SET IDS MAXPING <MAX>
Description
This command sets the maximum number of pings (ICMP echo requests) per second that are
allowed before an Echo Storm is detected. An Echo Storm is a DoS (Denial of Service) attack:
the attacker sends a stream of ICMP datagrams, possibly oversized ones, to the system using
the 'ping' command, which can cause the system to crash, freeze or reboot and so deny service
to legitimate users. This setting is a rate limit: it is the number of pings per second, not
their size, that triggers detection. Once the maximum number of pings per second is exceeded,
an attempted DoS attack is detected.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         The maximum number (per second) of pings that are allowed          15
            before an Echo Storm attempt is detected.

Example
--> security set IDS MaxPING 25

4.2.7.1.51 SECURITY SET IDS MAXTCPOPENHANDSHAKE
Syntax
SECURITY SET IDS MAXTCPOPENHANDSHAKE <MAX>
Description
This command sets the maximum number of unfinished TCP handshaking sessions per
second that are allowed before a SYN Flood is detected. A SYN Flood is a DoS (Denial of
Service) attack. When a normal TCP connection is established, three packets are
exchanged:
1 A SYN (synchronize) packet is sent from the host to the network server
2 A SYN/ACK packet is sent from the network server to the host
3 An ACK (acknowledge) packet is sent from the host to the network server
If the attacking host puts unreachable (spoofed) source addresses in its SYN packets, the
server sends its SYN/ACK packets to those addresses and keeps retransmitting them, so
half-open connections accumulate in a backlog queue of unacknowledged SYN/ACKs. Once the
queue is full, the system ignores all incoming SYN requests and no legitimate TCP
connections can be established.
Once the maximum number of unfinished TCP handshaking sessions per second is exceeded, an
attempted DoS attack is detected. The suspected attacker is blocked for the time limit
specified by the SECURITY SET IDS DOSATTACKBLOCK command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         The maximum number (per second) of unfinished TCP handshaking      100
            sessions that are allowed before a SYN Flood attempt is detected.

Example
--> security set IDS MaxTCPopenhandshake 150
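The three-step handshake and the half-open backlog described for MAXTCPOPENHANDSHAKE can be observed directly in traffic. The Python below is an added example written for this page; it is not Allied Telesis code and does not describe how the iMG/RG implements the check. It tracks handshakes that began within the last second and have not been completed by the client's ACK, and reports the condition when that count exceeds the configured maximum (100, the default above). The packet format, addresses, ports and traffic mix are all constructed for the demonstration.

```python
"""Half-open handshake counter in the spirit of SECURITY SET IDS MAXTCPOPENHANDSHAKE.

Added illustration, not Allied Telesis code.  It counts handshakes that
began within the last second and have not been completed by the client's
ACK (step 3 above).  Packets are plain dicts; every address, port and
packet below is constructed for the demo.
"""


class HalfOpenTracker:
    def __init__(self, max_per_second):
        self.max = max_per_second
        self.half_open = {}   # (src, sport, dst, dport) -> time the SYN arrived

    def observe(self, pkt, t):
        """Feed one TCP packet seen at time t.  Returns True when more than
        `max` handshakes begun in the last second are still unfinished."""
        flags = pkt["flags"]
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if flags == {"SYN"}:
            self.half_open[key] = t               # step 1: client opens
        elif flags == {"SYN", "ACK"}:
            pass                                  # step 2: still unfinished
        elif "ACK" in flags:
            self.half_open.pop(key, None)         # step 3: handshake done
        # only handshakes begun within the last second count towards the
        # per-second figure; older ones were counted in an earlier second
        self.half_open = {k: t0 for k, t0 in self.half_open.items() if t - t0 < 1.0}
        return len(self.half_open) > self.max


SERVER = ("192.0.2.10", 443)   # constructed server address


def tcp(src, sport, dst, dport, *flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}


def build_traffic(flood_rate, seconds=3, legit_rate=50):
    """Constructed traffic: legitimate clients that complete the handshake in
    40 ms, plus `flood_rate` SYNs per second from spoofed sources that never
    answer the SYN/ACK (the unreachable-source flood the manual describes)."""
    events = []
    for i in range(legit_rate * seconds):
        t0 = i / legit_rate
        ip, port = f"203.0.113.{i % 200 + 1}", 49152 + i
        events.append((t0, tcp(ip, port, *SERVER, "SYN")))
        events.append((t0 + 0.02, tcp(*SERVER, ip, port, "SYN", "ACK")))
        events.append((t0 + 0.04, tcp(ip, port, *SERVER, "ACK")))
    for j in range(flood_rate * seconds):
        spoofed = f"10.{(j >> 16) & 255}.{(j >> 8) & 255}.{j & 255}"
        events.append((j / flood_rate, tcp(spoofed, 40000 + j, *SERVER, "SYN")))
    events.sort(key=lambda e: e[0])       # stable sort: ties keep insertion order
    return events


def first_detection(flood_rate, max_half_open=100):
    """Time at which the tracker first reports a SYN flood, or None."""
    tracker = HalfOpenTracker(max_half_open)
    for t, pkt in build_traffic(flood_rate):
        if tracker.observe(pkt, t):
            return t
    return None
```

With 150 spoofed SYNs per second on top of 50 legitimate clients per second the count passes 100 about two thirds of the way through the first second, while 60 spoofed SYNs per second never do, because the legitimate handshakes close within 40 ms and so contribute only two or three half-open entries at any instant. Note the limitation the manual's own description implies: when every SYN carries a different unreachable source address, blocking "the suspected attacker" by source address has little effect; the half-open count is the reliable signal, the per-source block is not.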
4.2.7.1.52 SECURITY SET IDS SCANATTACKBLOCK
Syntax
SECURITY SET IDS SCANATTACKBLOCK <DURATION>
Description
This command sets the scan attack block duration Intrusion Detection Setting (IDS): the
length of time for which a host is blocked once scanning activity (see SECURITY SET IDS
SCANPERIOD and SECURITY SET IDS SCANTHRESHOLD) has been detected.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
duration    The length of time (in seconds) that a suspicious host is          86400 (one day)
            blocked for, after scan activity has been detected.

Example
--> security set IDS SCANattackblock 43200

4.2.7.1.53 SECURITY SET IDS FLOODPERIOD
Syntax
SECURITY SET IDS FLOODPERIOD <DURATION>
Description
This command sets the time limit during which suspected SYN flood traffic is counted. If
the number of SYN packets counted within the specified duration is greater than the
threshold set by either SECURITY SET IDS FLOODTHRESHOLD or SECURITY SET IDS
PORTFLOODTHRESHOLD, the suspected attacker is blocked for the time limit specified in the
command SECURITY SET IDS DOSATTACKBLOCK.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
duration    The length of time (in seconds) that suspected SYN floods          10
            are counted for.

Example
--> security set IDS floodperiod 60

4.2.7.1.54 SECURITY SET IDS FLOODTHRESHOLD
Syntax
SECURITY SET IDS FLOODTHRESHOLD <MAX>
Description
This command sets the maximum number of SYN packets per second allowed before a flood is
detected. If the number of SYN packets per second counted within the time duration set by
the command SECURITY SET IDS FLOODPERIOD is greater than the maximum value set here, the
suspected attacker is blocked for the time limit specified in the command SECURITY SET IDS
DOSATTACKBLOCK.
For example, using the default settings, if more than 20 SYN packets are received per
second for a 10 second duration, the attacker is blocked.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         Maximum number of SYN packets per second that can be received      20 (per second)
            before a flood is detected.

Example
--> security set IDS floodthreshold 25

4.2.7.1.55 SECURITY SET IDS PORTFLOODTHRESHOLD
Syntax
SECURITY SET IDS PORTFLOODTHRESHOLD <MAX>
Description
This command sets the maximum number of SYN packets per second that can be sent to a
single port before a port flood is detected. If the number of SYN packets per second to one
port counted within the time duration set by the command SECURITY SET IDS FLOODPERIOD is
greater than the maximum value set here, the suspected attacker is blocked for the time
limit specified in the command SECURITY SET IDS DOSATTACKBLOCK.
For example, using the default settings, if more than 10 SYN packets are received per
second by a single port for a 10 second duration, the attacker is blocked. This threshold
is lower than FLOODTHRESHOLD so that a flood concentrated on one port is caught before the
source-wide limit is reached.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         Maximum number of SYN packets per second that can be received      10 (per second)
            by a single port before a flood is detected.

Example
--> security set IDS portfloodthreshold 15

4.2.7.1.56 SECURITY SET IDS SCANPERIOD
Syntax
SECURITY SET IDS SCANPERIOD <DURATION>
Description
This command sets the time limit during which scanning-type traffic (such as a closed TCP
port receiving SYN/ACK, FIN or RST packets) is counted. If the number of scanning packets
counted within the specified duration is greater than the threshold set by SECURITY SET IDS
SCANTHRESHOLD, the suspected attacker is blocked for the time limit specified in the
command SECURITY SET IDS SCANATTACKBLOCK.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
duration    The length of time (in seconds) that scanning-type traffic         60 (seconds)
            is counted for.

Example
--> security set IDS scanperiod 90

4.2.7.1.57 SECURITY SET IDS SCANTHRESHOLD
Syntax
SECURITY SET IDS SCANTHRESHOLD <MAX>
Description
This command sets the maximum number of scanning packets per second that can be received
before a port scan is detected. If the number of scanning packets per second counted within
the time duration set by the command SECURITY SET IDS SCANPERIOD is greater than the
maximum value set here, the suspected attacker is blocked for the time limit specified in
the command SECURITY SET IDS SCANATTACKBLOCK.
For example, using the default settings, if more than 5 scanning packets are received per
second for a 60 second duration, the attacker is blocked.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                        Default Value
max         Maximum number of scanning packets per second that can be          5 (per second)
            received before a port scan attack is detected.

Example
--> security set IDS scanthreshold 8
See also
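The flood settings (FLOODPERIOD, FLOODTHRESHOLD and PORTFLOODTHRESHOLD with DOSATTACKBLOCK) and the scan settings (SCANPERIOD and SCANTHRESHOLD with SCANATTACKBLOCK) describe one mechanism: a per-key packet rate that must stay above a threshold for a sustained period, followed by a timed block. The Python below is an added example, not Allied Telesis code, and its reading of the rule follows the manual's own worked examples ("more than 20 SYN packets per second for a 10 second duration"): a key is blocked once it exceeds the threshold in each of `period` consecutive seconds. With `period=1` the same class models the MAXICMP and MAXPING per-second limits. The DOSATTACKBLOCK default is not given on this page, so the 1800 s used below is an assumption; addresses, ports and traffic rates are constructed.

```python
"""Sustained-rate detector modelling the iMG/RG flood and scan settings.

Added illustration, not Allied Telesis code.  A key is blocked once it
exceeds `threshold` packets in each of `period` consecutive seconds and
stays blocked for `block_for` seconds.  The caller picks the key: source
address for a SYN flood or port scan, (source, dport) for a port flood.
Addresses, ports and rates below are constructed for the demo.
"""
from dataclasses import dataclass, field


@dataclass
class _Counter:
    sec: int = -1       # second currently being counted
    count: int = 0      # packets seen in that second
    streak: int = 0     # consecutive seconds that crossed the threshold
    over_sec: int = -2  # most recent second that crossed the threshold


@dataclass
class RateDetector:
    threshold: int      # packets per second allowed; one more "crosses"
    period: int         # consecutive crossing seconds needed to block
    block_for: float    # seconds a key stays blocked
    _state: dict = field(default_factory=dict)
    _blocked: dict = field(default_factory=dict)

    def is_blocked(self, key, t):
        until = self._blocked.get(key)
        if until is None:
            return False
        if t < until:
            return True
        del self._blocked[key]          # block has expired
        return False

    def observe(self, key, t):
        """Count one packet for key at time t; True if key is blocked."""
        if self.is_blocked(key, t):
            return True
        now = int(t)
        c = self._state.setdefault(key, _Counter())
        if c.sec != now:                # start a fresh one-second bucket
            c.sec, c.count = now, 0
        c.count += 1
        if c.count > self.threshold and c.over_sec != now:
            # this second just crossed: extend the streak only if the
            # previous second crossed too; a quiet second resets it
            c.streak = c.streak + 1 if c.over_sec == now - 1 else 1
            c.over_sec = now
            if c.streak >= self.period:
                self._blocked[key] = t + self.block_for
                del self._state[key]    # counting restarts after the block
                return True
        return False


def is_scan_packet(flags, dport, open_ports):
    """Scanning traffic as the manual defines it: SYN/ACK, FIN or RST to a closed port."""
    probe = flags == {"SYN", "ACK"} or "FIN" in flags or "RST" in flags
    return probe and dport not in open_ports


def simulate(det, key, per_second):
    """Feed per_second[s] evenly spaced packets in second s for one key;
    return the time of the first packet that found the key blocked."""
    for s, n in enumerate(per_second):
        for i in range(n):
            t = s + i / n
            if det.observe(key, t):
                return t
    return None


# Manual defaults: floodthreshold 20/s and portfloodthreshold 10/s over floodperiod
# 10 s; scanthreshold 5/s over scanperiod 60 s; scanattackblock 86400 s.  The
# dosattackblock default is not on this page, so 1800 s is an assumption.
def flood_demo(per_port, src="198.51.100.7"):
    """per_port: {dport: [SYNs in second 0, 1, ...]} from one source, lists of
    equal length.  Runs the source-wide and per-port detectors side by side and
    returns the first block time seen by each (None if never blocked)."""
    flood = RateDetector(threshold=20, period=10, block_for=1800.0)
    port_flood = RateDetector(threshold=10, period=10, block_for=1800.0)
    result = {"flood": None, "port_flood": {p: None for p in per_port}}
    for s in range(len(next(iter(per_port.values())))):
        events = sorted((s + i / r[s], p) for p, r in per_port.items() for i in range(r[s]))
        for t, p in events:
            if flood.observe(src, t) and result["flood"] is None:
                result["flood"] = t
            if port_flood.observe((src, p), t) and result["port_flood"][p] is None:
                result["port_flood"][p] = t
    return result


def scan_demo(probes_per_second, seconds=60, open_ports=frozenset({22, 80})):
    """Sequential FIN scan of ports 1.. at a fixed rate; a FIN that lands on an
    open port is not scanning traffic and is not counted."""
    det = RateDetector(threshold=5, period=60, block_for=86400.0)
    for s in range(seconds):
        for i in range(probes_per_second):
            dport = 1 + s * probes_per_second + i
            if is_scan_packet({"FIN"}, dport, open_ports):
                if det.observe("203.0.113.9", s + i / probes_per_second):
                    return s + i / probes_per_second
    return None
```

The two flood demos show why both thresholds exist: 15 SYN/s aimed at one port trips the port flood without ever reaching the source-wide 20/s, while 24 SYN/s spread over three ports trips the source-wide flood although no port sees more than 8/s. The scan demo shows a consequence of the sustained-rate rule worth knowing when tuning SCANTHRESHOLD: a sequential FIN scan at 6 probes/s is never blocked within the 60 s window, because the seconds in which it hits the open ports 22 and 80 count only 5 scanning packets and break the streak, whereas 7 probes/s is blocked at the end of the 60th second.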