Billion 400G Router
Chapter 4: Configuration
Configuring Packet Filter:

1. Click Packet Filters. You will then be presented with the predefined port filter rules screen (in this case for the low security level), shown below:

Note: You may edit the predefined rule instead of deleting it. This example shows how to add a filter of your own.

2. Choose the radio button for the existing HTTP rule that you wish to delete. Click the Edit/Delete button to delete this existing HTTP rule.

3. Input the Rule Name, Time Schedule, Source/Destination IP, Type, Source/Destination Port, Inbound and Outbound.

Example:

Application: Cindy_HTTP
Time Schedule: Always On
Source / Destination IP Address(es): 0.0.0.0 (allow all addresses)
Type: TCP (please refer to Table 1: Predefined Port Filter)
Source Port: 0-65535 (allow all ports to connect with the application)
Redirect Port: 80-80 (this is the port defined for HTTP)
Inbound / Outbound: Allow

4. The new port filter rule for HTTP is shown below:

5. Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80 will be forwarded to the PC running your web server:

Note: For details on configuring HTTP in Virtual Server, see Add Virtual Server in the Virtual Server section.

Intrusion Detection

The router’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion attempts or other connections that the router determines to be suspicious.

Blacklist: If the router detects a possible attack, the source IP or destination IP address will be added to the Blacklist. Any further attempts using this IP address will be blocked for the time period specified as the Block Duration. The default setting for this function is false (disabled). Some attack types, such as Land attack and Echo/CharGen scan, are denied immediately without using the Blacklist function.

Intrusion Detection: If enabled, IDS will block Smurf attack attempts. Default is false.

Block Duration:

- Victim Protection Block Duration: This is the duration for blocking Smurf attacks. Default value is 600 seconds.
- Scan Attack Block Duration: This is the duration for blocking hosts that attempt a possible Scan attack. Scan attack types include X’mas scan, IMAP SYN/FIN scan and similar attempts. Default value is 86400 seconds.
- DoS Attack Block Duration: This is the duration for blocking hosts that attempt a possible Denial of Service (DoS) attack. The DoS attacks this setting attempts to block include Ascend Kill and WinNuke. Default value is 1800 seconds.

Max TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYNs per second.

Max PING Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.

Max ICMP Count: This is a threshold value to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).

For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event Log. It cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP, Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | SrcIP = DstIP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP, Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP, Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session, and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, DstPort = Orifice Port (31337) | Src IP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |

Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
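
As an added example (not taken from the manual or from the router's firmware), the Python code below applies the stateless signature rows of Table 2 and the default block durations to constructed packet records, to show how a match turns into a timed blacklist entry. The dict field names, the X'mas flag set (FIN+PSH+URG) and the rule that a listed address blocks traffic in either direction are assumptions; rows that need payload inspection, session counting or rate thresholds (Ascend Kill, Echo/CharGen Scan, SYN/FIN/RST/ACK Scan and the three flood counters) are left out.

```python
# Added illustration of Table 2, not router firmware; dict field names are assumptions.
BLOCK_SECONDS = {"Victim Protection": 600, "Scan": 86400, "DoS": 1800}  # manual defaults
XMAS = {"FIN", "PSH", "URG"}  # assumption: the manual does not list the X'mas flags

def classify(pkt):
    """Return (intrusion name, blacklisted field, block type) or None."""
    proto, flags = pkt["proto"], set(pkt.get("flags", ()))
    sport, dport = pkt.get("sport"), pkt.get("dport")
    if pkt["src"] == pkt["dst"]:
        return ("Land attack", None, None)  # dropped at once, never blacklisted
    if proto == "ICMP" and pkt.get("icmp_type") == 8 and pkt.get("dst_broadcast"):
        return ("Smurf", "dst", "Victim Protection")
    if proto == "UDP":
        name = {7: "Echo Scan", 19: "CharGen Scan", 31337: "Back Orifice Scan"}.get(dport)
        return (name, "src", "Scan") if name else None
    if proto == "TCP":
        if "URG" in flags and dport in (135, 137, 138, 139):
            return ("WinNuke", "src", "DoS")
        if XMAS <= flags:
            return ("X'mas Tree Scan", "src", "Scan")
        if {"SYN", "FIN"} <= flags and dport == 143 and sport in (0, 65535):
            return ("IMAP SYN/FIN Scan", "src", "Scan")
        if not pkt.get("in_session") and dport in (12345, 12346, 3456):
            return ("Net Bus Scan", "src", "Scan")
    return None

class Blacklist:
    """Tracks blocked addresses and their expiry times (seconds)."""
    def __init__(self):
        self.until = {}

    def handle(self, pkt, now):
        """Return 'drop' or 'pass' for a packet seen at time `now`."""
        # Assumption: a listed address blocks traffic in which it is source or destination.
        if any(self.until.get(pkt[k], 0) > now for k in ("src", "dst")):
            return "drop"
        hit = classify(pkt)
        if hit is None:
            return "pass"
        _, field, block = hit
        if field:
            self.until[pkt[field]] = now + BLOCK_SECONDS[block]
        return "drop"

# Constructed sample traffic (documentation addresses).
SCAN = {"proto": "TCP", "src": "203.0.113.9", "dst": "192.0.2.10",
        "sport": 40000, "dport": 80, "flags": ["FIN", "PSH", "URG"]}
WEB = {"proto": "TCP", "src": "203.0.113.9", "dst": "192.0.2.10",
       "sport": 40001, "dport": 80, "flags": ["SYN"], "in_session": False}
```

With the default Scan duration, ordinary web traffic from the scanning host stays blocked for a full day after a single X'mas packet, which is worth weighing before enabling the Blacklist on a router that fronts a public web server.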