Billion 400G Router Manual PDF (Setup & Configuration Guide)

Page 56 / 88 Scroll up to view Page 51 - 55

Billion 400G

Router

Chapter 4: Configuration

53

Configuring Packet Filter:

1.

Click

Packet Filters

. You will then be presented with the predefined port filter rules screen (in this case for the

low security level), shown below:

Note:

You may click Edit the predefined rule instead of Delete it. This is an example to show to how you add a filter

on your own.

2.

Choose the radio button for the existing HTTP rule that you wish to delete. Click

Edit/Delete

button to delete

this existing HTTP rule.

3.

Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and

Outbound.

Page 57 / 88

Billion 400G

Router

Chapter 4: Configuration

54

Example

:

Application:

Cindy_HTTP

Time Schedule:

Always On

Source / Destination IP Address(es):

0.0.0.0

(

Allow all addresses

)

Type:

TCP (Please refer to Table1: Predefined Port Filter)

Source Port:

0-65535

(I allow all ports to connect with the application))

Redirect Port:

80-80

(This is Port defined for HTTP)

Inbound / Outbound:

Allow

4.

The new port filter rule for HTTP is shown below:

5.

Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be

forwarded to the PC running your web server:

Note:

For how to configure the HTTP in Virtual Server, go to Add Virtual Server in Virtual Server section for more

details.

Page 58 / 88

Billion 400G

Router

Chapter 4: Configuration

55

Intrusion Detection

The router’s

Intrusion Detection System

(IDS) is used to detect hacker attacks and intrusion attempts from the

Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on

whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router

determines to be suspicious.

Blacklist

: If the router detects a possible attack, the source IP or destination IP address will be added to the

Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the

Block

Duration

. The default setting for this function is false (disabled). Some attack types are denied immediately without

using the Blacklist function, such as

Land attack

and

Echo/CharGen scan

.

Intrusion Detection

: If enabled, IDS will block Smurf attack attempts. Default is false.

Block Duration:

²

Victim Protection Block Duration

: This is the duration for blocking

Smurf

attacks. Default value is 600

seconds.

²

Scan Attack Block Duration

: This is the duration for blocking hosts that attempt a possible Scan attack.

Scan attack types include

X’mas scan, IMAP SYN/FIN scan

and similar attempts. Default value is 86400

seconds.

²

DoS Attack Block Duration

: This is the duration for blocking hosts that attempt a possible Denial of

Service (DoS) attack. Possible DoS attacks this attempts to block include

Ascend Kill

and

WinNuke

. Default

value is 1800 seconds.

Page 59 / 88

Billion 400G

Router

Chapter 4: Configuration

56

Max TCP Open Handshaking Count

: This is a threshold value to decide whether a

SYN Flood

attempt is occurring

or not. Default value is 100 TCP SYN per seconds.

Max PING Count

: This is a threshold value to decide whether an

ICMP Echo Storm

is occurring or not.

Default

value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count

: This is a threshold to decide whether an

ICMP flood

is occurring or not. Default value is 100

ICMP packets per seconds except ICMP Echo Requests (PING).

For

SYN Flood

,

ICMP Echo Storm

and

ICMP flood

, IDS will just warn the user in the Event Log. It cannot protect

against such attacks.

Page 60 / 88

Billion 400G

Router

Chapter 4: Configuration

57

Table 2: Hacker attack types recognized by the IDS

Intrusion Name

Detect Parameter

Blacklist

Type of Block

Duration

Drop Packet

Show Log

Ascend Kill

Ascend Kill data

Src IP

DoS

Yes

WinNuke

TCP

Port 135, 137~139,

Flag: URG

Src IP

DoS

Yes

Smurf

ICMP type 8

Des IP is broadcast

Dst IP

Victim Protection Yes

Yes

Land attack

SrcIP = DstIP

Yes

Echo/CharGen Scan

UDP Echo Port and

CharGen Port

Yes

Echo Scan

UDP

Dst

Port

=

Echo(7)

Src IP

Scan

Yes

CharGen Scan

UDP

Dst

Port

=

CharGen(19)

Src IP

Scan

Yes

X’mas Tree Scan

TCP Flag: X’mas

Src IP

Scan

Yes

IMAP

SYN/FIN Scan

TCP Flag: SYN/FIN

DstPort: IMAP(143)

SrcPort: 0 or 65535

Src IP

Scan

Yes

SYN/FIN/RST/ACK

Scan

TCP,

No Existing session

And Scan Hosts more

than five.

Src IP

Scan

Yes

Net Bus Scan

TCP

No Existing session

DstPort = Net Bus

12345,12346, 3456

SrcIP

Scan

Yes

Back Orifice Scan

UDP, DstPort = Orifice

Port (31337)

SrcIP

Scan

Yes

SYN Flood

Max

TCP

Open

Handshaking

Count

(Default 100 c/sec)

Yes

ICMP Flood

Max

ICMP

Count

(Default 100 c/sec)

Yes

ICMP Echo

Max PING Count

(Default 15 c/sec)

Yes

Src IP

: Source IP

Src Port

: Source Port

Dst Port

: Destination Port

Dst IP

: Destination IP

Rate

Popular Billion Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share