Firewall command reference
Firewall
4-129
iMG/RG Software Reference Manual (IPNetwork Functions)
4.3.2.0.25 FIREWALL SET IDS MAXPING
Syntax
FIREWALL SET IDS MAXPING <MAX>
Description
This command sets the maximum number of pings per second that are allowed before an
Echo Storm is detected. Echo Storm is a DoS (Denial of Service) attack in which an attacker
sends oversized ICMP datagrams to the system using the ‘ping’ command. This can cause
the system to crash, freeze or reboot, resulting in denial of service to legitimate users.
Once the maximum number of pings per second is reached, an attempted DoS attack is
detected.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option    Description                                                    Default Value
max       The maximum number (per second) of pings that are allowed      15
          before an Echo Storm attempt is detected.

Example
--> firewall set IDS MaxPING 25
See also
security set IDS MaxPING
4.3.2.0.26 FIREWALL SET IDS MAXTCPOPENHANDSHAKE
Syntax
FIREWALL SET IDS MAXTCPOPENHANDSHAKE <MAX>
Description
This command sets the maximum number of unfinished TCP handshaking sessions per
second that are allowed before a SYN Flood is detected. SYN Flood is a DoS (Denial of
Service) attack. When establishing a normal TCP connection, three packets are
exchanged:
1 A SYN (synchronize) packet is sent from the host to the network server
2 A SYN/ACK packet is sent from the network server to the host
3 An ACK (acknowledge) packet is sent from the host to the network server
If the host uses unreachable source addresses in its SYN packets, the server sends the
SYN/ACK packets to the unreachable addresses and keeps resending them. This creates a
backlog queue of unacknowledged SYN/ACK packets. Once the queue is full, the system
will ignore all incoming SYN requests and no legitimate TCP connections can be
established.
Once the maximum number of unfinished TCP handshaking sessions is reached, an
attempted DoS attack is detected. The suspected attacker is blocked for the time limit
specified in the FIREWALL SET IDS DOSattackblock command.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option    Description                                                    Default Value
max       The maximum number (per second) of unfinished TCP handshaking  100
          sessions that are allowed before a SYN Flood attempt is
          detected.

Example
--> firewall set IDS MaxTCPopenhandshake 150
See also
security set IDS MaxTCPopenhandshake
4.3.2.0.27 FIREWALL SET IDS SCANATTACKBLOCK
Syntax
FIREWALL SET IDS SCANATTACKBLOCK <DURATION>
Description
This command sets the scan attack block duration for the Intrusion Detection Settings
(IDS). When a host is blocked after scan activity is detected, this command specifies
the duration of that block.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                  Default Value
duration    The length of time (in seconds) that a suspicious host is    86400 (one day)
            blocked for, after scan activity has been detected.

Example
--> firewall set IDS SCANattackblock 43200
See also
security set IDS SCANattackblock
4.3.2.0.28 FIREWALL SET IDS FLOODPERIOD
Syntax
FIREWALL SET IDS FLOODPERIOD <DURATION>
Description
This command sets the time limit during which suspected SYN floods are counted. If the
number of SYN floods counted within the specified duration is greater than the threshold
set by either FIREWALL SET IDS FLOODTHRESHOLD or FIREWALL SET IDS
PORTFLOODTHRESHOLD, the suspected attacker is blocked for the time limit specified in
the command FIREWALL SET IDS DOSATTACKBLOCK.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                  Default Value
duration    The length of time (in seconds) that suspected SYN floods    10
            are counted for.

Example
--> firewall set IDS floodperiod 60
See also
security set IDS floodperiod
4.3.2.0.29 FIREWALL SET IDS FLOODTHRESHOLD
Syntax
FIREWALL SET IDS FLOODTHRESHOLD <MAX>
Description
This command sets the maximum number of SYN packets allowed before a flood is
detected. If the number of SYN packets counted within the time duration set by the
command FIREWALL SET IDS FLOODPERIOD is greater than the maximum value set
here, the suspected attacker is blocked for the time limit specified in the command
FIREWALL SET IDS DOSATTACKBLOCK.
For example, using the default settings, if more than 20 SYN packets are received per
second for a 10 second duration, the attacker is blocked.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option    Description                                                    Default Value
max       Maximum number of SYN packets that can be received before a    20 (per second)
          flood is detected.
Example
--> firewall set IDS floodthreshold 25
See also
security set IDS floodthreshold
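The SYN flood counters (FLOODPERIOD, FLOODTHRESHOLD, PORTFLOODTHRESHOLD, DOSATTACKBLOCK) and the scan counters described later in this chapter (SCANPERIOD, SCANTHRESHOLD, SCANATTACKBLOCK) share one detection shape: a per-second threshold that must be exceeded throughout a period, followed by a block of a fixed duration. The Python model below is an added example, not Allied Telesis code, and shows how the three settings interact when tuning them. It assumes the manual's worked example ("more than 20 SYN/s for a 10 second duration") means the per-second count exceeds the threshold in every second of the period; the addresses are constructed, and 600 s stands in for the DOSATTACKBLOCK default, which is not given on this page.

```python
from collections import defaultdict

# Added model of the IDS counters in this manual (an assumption, not Allied Telesis code):
# a source is blocked once its per-second packet count exceeds the threshold in every
# second of a trailing <period>-second window, i.e. "more than 20 SYN/s for 10 seconds".
class RateDetector:
    def __init__(self, period, threshold, block_seconds):
        self.period = period                # FLOODPERIOD / SCANPERIOD (seconds)
        self.threshold = threshold          # FLOODTHRESHOLD / SCANTHRESHOLD (per second)
        self.block_seconds = block_seconds  # DOSATTACKBLOCK / SCANATTACKBLOCK (seconds)
        self.counts = defaultdict(lambda: defaultdict(int))  # src -> second -> packets
        self.blocked_until = {}                               # src -> unblock time

    def is_blocked(self, src, now):
        return self.blocked_until.get(src, -1) > now

    def observe(self, src, t):
        """Record one packet from src at integer second t; True if src was just blocked."""
        if self.is_blocked(src, t):
            return False                    # already blocked: dropped, no new detection
        self.counts[src][t] += 1
        window = range(t - self.period + 1, t + 1)
        if all(self.counts[src][s] > self.threshold for s in window):
            self.blocked_until[src] = t + self.block_seconds
            return True
        return False

def run_trace(detector, events):
    """events: (second, src) pairs in time order; returns {src: second it was blocked}."""
    blocked_at = {}
    for t, src in events:
        if detector.observe(src, t):
            blocked_at[src] = t
    return blocked_at

def syn_flood_demo(threshold=20):
    # Constructed traffic: 192.0.2.10 sends 25 SYN/s for 12 s (sustained flood), while
    # 198.51.100.7 bursts 30 SYN/s for only 3 s, shorter than the 10 s FLOODPERIOD.
    # DOSATTACKBLOCK's default is documented elsewhere; 600 s here is a placeholder.
    det = RateDetector(period=10, threshold=threshold, block_seconds=600)
    events = [(t, "192.0.2.10") for t in range(12) for _ in range(25)]
    events += [(t, "198.51.100.7") for t in range(3) for _ in range(30)]
    return run_trace(det, sorted(events)), det

def port_scan_demo():
    # Constructed traffic: 203.0.113.5 probes closed ports at 6 packets/s for a full 60 s
    # SCANPERIOD, against the defaults SCANTHRESHOLD 5/s and SCANATTACKBLOCK 86400 s.
    det = RateDetector(period=60, threshold=5, block_seconds=86400)
    events = [(t, "203.0.113.5") for t in range(60) for _ in range(6)]
    return run_trace(det, events), det
```

Calling syn_flood_demo(25), the value from the example above, shows that the same 25 SYN/s source is no longer blocked, which is the trade-off to weigh before raising a threshold.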
4.3.2.0.30 FIREWALL SET IDS PORTFLOODTHRESHOLD
Syntax
FIREWALL SET IDS PORTFLOODTHRESHOLD <MAX>
Description
This command allows you to set the maximum number of SYN packets that can be sent
to a single port before a port flood is detected. If the number of SYN packets counted
within the time duration set by the command FIREWALL SET IDS FLOODPERIOD is
greater than the maximum value set here, the suspected attacker is blocked for the time
limit specified in the command FIREWALL SET IDS DOSATTACKBLOCK.
For example, using the default settings, if more than 10 SYN packets are received per
second for a 10 second duration, the attacker is blocked.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option    Description                                                    Default Value
max       Maximum number of SYN packets that can be received by a        10 (per second)
          single port before a flood is detected.

Example
--> firewall set IDS portfloodthreshold 15
See also
security set IDS portfloodthreshold
4.3.2.0.31 FIREWALL SET IDS SCANPERIOD
Syntax
FIREWALL SET IDS SCANPERIOD <DURATION>
Description
This command sets the time limit during which scanning type traffic (such as a closed
TCP port receiving SYN/ACK, FIN or RST packets) is counted. If the number of scanning
packets counted within the specified duration is greater than the threshold set by
FIREWALL SET IDS SCANTHRESHOLD, the suspected attacker is blocked for the time limit
specified in the command FIREWALL SET IDS SCANATTACKBLOCK.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option      Description                                                  Default Value
duration    The length of time (in seconds) that scanning type traffic   60 (seconds)
            is counted for.

Example
--> firewall set IDS scanperiod 90
See also
security set IDS scanperiod
4.3.2.0.32 FIREWALL SET IDS SCANTHRESHOLD
Syntax
FIREWALL SET IDS SCANTHRESHOLD <MAX>
Description
This command sets the maximum number of scanning packets that can be received before
a port scan is detected. If the number of scanning packets counted within the time
duration set by the command FIREWALL SET IDS SCANPERIOD is greater than the
maximum value set here, the suspected attacker is blocked for the time limit specified
in the command FIREWALL SET IDS SCANATTACKBLOCK.
For example, using the default settings, if more than 5 scanning packets are received per
second for a 60 second duration, the attacker is blocked.
Note:
This command is an alias of the corresponding “security set IDS” command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option    Description                                                    Default Value
max       Maximum number of scanning packets that can be received        5 (per second)
          before a port scan attack is detected.

Example
--> firewall set IDS scanthreshold 8
See also
security set IDS scanthreshold
4.3.2.0.33 FIREWALL SHOW IDS
Syntax
FIREWALL SHOW IDS
Description
This command displays the following information about IDS settings:
IDS enabled status (true or false)
Blacklist status (true or false)
