1. Home
    2. /
  2. Manuals
    3. /
  3. Billion
    4. /
  4. 800VGT
    5. /
  5. 13
Page 61 / 143 Scroll up to view Page 56 - 60
Billion 800VGT Router
Packet
Filter
Add
Raw
IP
Filter
Rule
Name:
Specifies
a
user-defined
description
identifying
this
entry
or
click
to
select
existing
predefined
rules.
Time
Schedule:
this
is
the
user-defined
time
period
applicable
to
the
rule.
You
may
specify
a
time
schedule
for
your
prioritization
policy.
For
setup
and
detail,
refer
to
Time
Schedule
section
Protocol
Number:
Insert
the
port
number,
i.e.
GRE
47.
Inbound
/
Outbound:
Select
Allow
or
Block
to
control
access
to
the
Internet
(
“Outbound”
)
or
from
the
Internet
(
“Inbound”
).
Click
the
Apply
button
to
apply
your
changes.
Example:
Configuring
your
firewall
to
allow
for
a
publicly
accessible
web
server
on
your
LAN
The
predefined
port
filter
rule
for
HTTP
(TCP
port
80)
is
the
same
no
matter
whether
the
firewall
is
set
to
a
high,
medium
or
low
security
level.
To
setup
a
web
server
located
on
the
local
network
when
the
firewall
is
enabled,
you
have
to
configure
the
Port
Filters
setting
for
HTTP.
As
you
can
see
from
the
diagram
below,
when
the
firewall
is
enabled
with
one
of
the
three
presets
(Low/Medium/High),
inbound
HTTP
access
is
not
allowed
which
means
remote
access
through
HTTP
to
your
router
is
not
allowed.
Note:
Inbound
indicates
accessing
from
Internet
to
LAN
and
Outbound
is
from
LAN
to
the
Internet.
61
Chapter
4:
Configuration
Downloaded from
www.Manualslib.com
manuals search engine
Page 62 / 143
Billion 800VGT Router
Configuring
Packet
Filter:
1.
Click
Port
Filters
.
You
will
then
be
presented
with
the
predefined
port
filter
rules
screen
(in
this
case,
for
the
low
security
level)
shown
below:
Note:
You
may
edit
the
predefined
rule
instead
of
deleting
it.
This
is
an
example
showing
to
how
you
add
a
filter
on
your
own.
Click Delete
2.
Click
Delete
to
delete
the
existing
HTTP
rule.
3.
Click
Add
TCP/UDP
Filter
.
Click Add TCP/UDP Filter
4.
Input
the
Rule
Name,
Time
Schedule,
Source/Destination
IP,
Type,
Source/Destination
Port,
Inbound
and
Outbound.
Example
:
Application:
WEB_HTTP
Time
Schedule:
Always
On
Source
/
Destination
IP
Address(es):
0.0.0.0
(Allow all addresses)
Type:
TCP
(Please
refer
to
Table1:
Predefined
Port
Filter)
Source
Port:
0-65535
(I
allow
all
ports
to
connect
with
the
application))
Destination
Port:
80-80
(Internal port
defined
for
HTTP)
Inbound
/
Outbound:
Allow
62
Chapter
4:
Configuration
Downloaded from
www.Manualslib.com
manuals search engine
Page 63 / 143
Billion 800VGT Router
5.
The
new
port
filter
rule
for
HTTP
is
shown
below:
6.
Configure
your
Virtual
Server
(“port
forwarding”)
settings
so
that
incoming
HTTP
requests
on
port
80
will
be
forwarded
to
the
PC
running
your
web
server:
Note:
For
how
to
configure
the
HTTP
in
Virtual
Server
mode
,
go
to
Add
Virtual
Server
in
the
Virtual
Server
section
for
more
details.
63
Chapter
4:
Configuration
Downloaded from
www.Manualslib.com
manuals search engine
Page 64 / 143
Billion 800VGT Router
Intrusion
Detection
The
router’s
Intrusion
Detection
System
(IDS)
is
used
to
detect
hacker
attacks
and
intrusion
attempts
from
the
Internet.
If
the
IDS
function
of
the
firewall
is
enabled,
inbound
packets
are
filtered
and
blocked
depending
on
whether
they
are
detected
as
possible
hacker
attacks,
intrusion
attempts
or
other
connections
that
the
router
determines
to
be
suspicious.
Blacklist
:
If
the
router
detects
a
possible
attack,
the
source
IP
or
destination
IP
address
will
be
added
to
the
Blacklist.
Any
further
attempts
using
this
IP
address
will
be
blocked
for
the
time
period
specified
as
the
Block
Duration
.
The
default
setting
for
this
function
is
disable.
Some
attack
types
are
denied
immediately
without
using
the
Blacklist
function,
such
as
Land
attack
and
Echo/CharGen
scan
.
Intrusion
Detection
:
If
enabled,
IDS
will
block
Smurf
attack
attempts.
Default
is
disable
.
Block
Duration:
²
Victim
Protection
Block
Duration
:
This
is
the
duration
for
blocking
Smurf
attacks.
Default
value
is
600
seconds.
²
Scan
Attack
Block
Duration
:
This
is
the
duration
for
blocking
hosts
that
attempt
a
possible
Scan
attack.
Scan
attack
types
include
X’mas
scan,
IMAP
SYN/FIN
scan
and
similar
attempts.
Default
value
is
86400
seconds.
²
DoS
Attack
Block
Duration
:
This
is
the
duration
for
blocking
hosts
that
attempt
a
possible
Denial
of
Service
(DoS)
attack.
Possible
DoS
attacks
this
attempts
to
block
include
Ascend
Kill
and
WinNuke
.
Default
value
is
1800
seconds.
Max
TCP
Open
Handshaking
Count
:
This
is
a
threshold
value
to
decide
whether
a
SYN
Flood
attempt
is
occurring
or
not.
Default
value
is
100
TCP
SYN
per
seconds.
Max
PING
Count
:
This
is
a
threshold
value
to
decide
whether
an
ICMP
Echo
Storm
is
occurring
or
not.
Default
value
is
15
ICMP
Echo
Requests
(PING)
per
second.
Max
ICMP
Count
:
This
is
a
threshold
to
decide
whether
an
ICMP
flood
is
occurring
or
not.
Default
value
is
100
ICMP
packets
per
seconds
except
ICMP
Echo
Requests
(PING).
For
SYN
Flood
,
ICMP
Echo
Storm
and
ICMP
flood
,
IDS
will
just
warn
the
user
in
the
Event
Log.
The
router
cannot
protect
against
such
attacks.
64
Chapter
4:
Configuration
Downloaded from
www.Manualslib.com
manuals search engine
Page 65 / 143
Billion 800VGT Router
Table 2: Hacker attack types recognized by the IDS
Intrusion
Name
Detect
Parameter
Blacklist
Type
of
Block
Duration
Drop
Packet
Show
Log
Ascend
Kill
Ascend
Kill
data
Src
IP
DoS
Yes
Yes
WinNuke
TCP
Port
135,
137~139,
Flag:
URG
Src
IP
DoS
Yes
Yes
Smurf
ICMP
type
8
Des
IP
is
broadcast
Dst
IP
Victim
Protection
Yes
Yes
Land
attack
SrcIP
=
DstIP
Yes
Yes
Echo/CharGen
Scan
UDP
Echo
Port
and
CharGen
Port
Yes
Yes
Echo
Scan
UDP
Dst
Port
=
Echo(7)
Src
IP
Scan
Yes
Yes
CharGen
Scan
UDP
Dst
Port
=
CharGen(19)
Src
IP
Scan
Yes
Yes
X’mas
Tree
Scan
TCP
Flag:
X’mas
Src
IP
Scan
Yes
Yes
IMAP
SYN/FIN
Scan
TCP
Flag:
SYN/FIN
DstPort:
IMAP(143)
SrcPort:
0
or
65535
Src
IP
Scan
Yes
Yes
SYN/FIN/RST/ACK
Scan
TCP,
No
Existing
session
And
Scan
Hosts
more
than
five.
Src
IP
Scan
Yes
Yes
Net
Bus
Scan
TCP
No
Existing
session
DstPort
=
Net
Bus
12345,12346,
3456
SrcIP
Scan
Yes
Yes
Back
Orifice
Scan
UDP,
DstPort
=
Orifice
Port
(31337)
SrcIP
Scan
Yes
Yes
SYN
Flood
Max
TCP
Open
Handshaking
Count
(Default
100
c/sec)
Yes
ICMP
Flood
Max
ICMP
Count
(Default
100
c/sec)
Yes
ICMP
Echo
Max
PING
Count
(Default
15
c/sec)
Yes
Src
IP
:
Source
IP
Src
Port
:
Source
Port
Dst
Port
:
Destination
Port
Dst
IP
:
Destination
IP
65
Chapter
4:
Configuration
Downloaded from
www.Manualslib.com
manuals search engine

Rate

4.7 / 5 based on 3 votes.

Popular Billion Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top