5.3.4.3 Intrusion Detection
Check Enable if you wish to detect intruders accessing your computer without permission.
The router automatically detects and blocks a DoS (Denial of Service) attack if a user
enables this function. This kind of attack does not aim to access confidential data on the
network; instead, it aims to disrupt specific equipment or the entire network. If this happens,
users will have trouble accessing network resources.
Intrusion Detection: Check Enable if you wish to detect intruders accessing your
computer without permission.
Maximum TCP Open Handshaking Count: This is a threshold value to decide whether
a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.
Maximum Ping Count: This is a threshold value to decide whether an ICMP Echo Storm
is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Maximum ICMP Count: This is a threshold to decide whether an ICMP flood is occurring
or not. Default value is 100 ICMP packets per second, except ICMP Echo Requests (PING).
Log: Check Log if you wish to generate logs when the filter rule is applied to the Intrusion
Detection.
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the Event
Log but it will not be able to protect against such attacks.
Hacker attack types recognized by the IDS
| Intrusion Name | Detect Parameter | Blacklist | Type of Block Duration | Drop Packet | Show Log |
|---|---|---|---|---|---|
| Ascend Kill | Ascend Kill data | Src IP | DoS | Yes | Yes |
| WinNuke | TCP Port 135, 137~139, Flag: URG | Src IP | DoS | Yes | Yes |
| Smurf | ICMP type 8, Dst IP is broadcast | Dst IP | Victim Protection | Yes | Yes |
| Land attack | Src IP = Dst IP | | | Yes | Yes |
| Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes |
| Echo Scan | UDP Dst Port = Echo(7) | Src IP | Scan | Yes | Yes |
| CharGen Scan | UDP Dst Port = CharGen(19) | Src IP | Scan | Yes | Yes |
| X’mas Tree Scan | TCP Flag: X’mas | Src IP | Scan | Yes | Yes |
| IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, Dst Port: IMAP(143), Src Port: 0 or 65535 | Src IP | Scan | Yes | Yes |
| SYN/FIN/RST/ACK Scan | TCP, No Existing session, and Scan Hosts more than five | Src IP | Scan | Yes | Yes |
| Net Bus Scan | TCP, No Existing session, Dst Port = Net Bus 12345, 12346, 3456 | Src IP | Scan | Yes | Yes |
| Back Orifice Scan | UDP, Dst Port = Orifice Port (31337) | Src IP | Scan | Yes | Yes |
| SYN Flood | Max TCP Open Handshaking Count (Default 100 c/sec) | | | | Yes |
| ICMP Flood | Max ICMP Count (Default 100 c/sec) | | | | Yes |
| ICMP Echo | Max PING Count (Default 15 c/sec) | | | | Yes |
Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
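
The stateless rows of the table and the three rate thresholds can be read as matching logic. The sketch below is an added example, not the router's firmware: the packet dictionaries, the 192.168.1.0/24 LAN, the FIN+PSH+URG reading of "X'mas" and the "count exceeds threshold" comparison are assumptions. Ascend Kill, SYN/FIN/RST/ACK Scan and Net Bus Scan are left out because they need payload or session state the table does not spell out.

```python
import ipaddress
from collections import Counter

FIN, SYN, PSH, ACK, URG = 0x01, 0x02, 0x08, 0x10, 0x20   # TCP flag bits
XMAS = FIN | PSH | URG                        # assumed meaning of "Flag: X'mas"
LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN, for the Smurf row
LIMITS = {"SYN Flood": 100, "ICMP Echo": 15, "ICMP Flood": 100}  # defaults, per second
UDP_SCANS = {7: "Echo Scan", 19: "CharGen Scan", 31337: "Back Orifice Scan"}

def classify(p):
    """Per-packet rows: return (intrusion name, blacklisted IP or None), else None."""
    proto, flags, dport = p["proto"], p.get("flags", 0), p.get("dport")
    if p["src"] == p["dst"]:
        return ("Land attack", None)
    to_bcast = ipaddress.ip_address(p["dst"]) == LAN.broadcast_address
    if proto == "icmp" and p.get("type") == 8 and to_bcast:
        return ("Smurf", p["dst"])            # table blacklists Dst IP here
    if proto == "tcp" and dport in (135, 137, 138, 139) and flags & URG:
        return ("WinNuke", p["src"])
    if proto == "tcp" and (flags & XMAS) == XMAS:
        return ("X'mas Tree Scan", p["src"])
    if (proto == "tcp" and (flags & (SYN | FIN)) == (SYN | FIN)
            and dport == 143 and p.get("sport") in (0, 65535)):
        return ("IMAP SYN/FIN Scan", p["src"])
    if proto == "udp" and dport in UDP_SCANS:
        return (UDP_SCANS[dport], p["src"])
    return None

def flood_alerts(packets):
    """Rate rows: list (second, name) buckets whose count exceeds the limit (log only)."""
    counts = Counter()
    for p in packets:
        if p["proto"] == "tcp" and (p.get("flags", 0) & (SYN | ACK)) == SYN:
            counts[(int(p["t"]), "SYN Flood")] += 1
        elif p["proto"] == "icmp":
            kind = "ICMP Echo" if p.get("type") == 8 else "ICMP Flood"
            counts[(int(p["t"]), kind)] += 1
    return sorted(k for k, n in counts.items() if n > LIMITS[k[1]])

# Constructed sample packets (not captured traffic); "t" is seconds since start.
SAMPLE = [
    {"proto": "tcp", "src": "203.0.113.9", "dst": "192.168.1.10", "dport": 139, "flags": URG},
    {"proto": "icmp", "src": "203.0.113.9", "dst": "192.168.1.255", "type": 8},
    {"proto": "udp", "src": "203.0.113.9", "dst": "192.168.1.10", "dport": 31337},
    {"proto": "tcp", "src": "192.168.1.10", "dst": "192.168.1.10", "dport": 80, "flags": SYN},
]
PINGS = [dict(SAMPLE[1], dst="192.168.1.1", t=5 + i / 100) for i in range(16)]
if __name__ == "__main__":
    print([classify(p) for p in SAMPLE], flood_alerts(PINGS))
```

The per-packet matches correspond to rows where the router drops the packet and logs it; the rate alerts correspond to the three rows that only show a log entry.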
5.3.4.4 Block WAN PING
Check Enable if you wish to exclude outside PING requests from reaching this router.
5.3.4.5 URL Filter
URL (Uniform Resource Locator – e.g. an address in the form of )
filter rules allow you to prevent users on your network from accessing particular websites
by their URL. There are no pre-defined URL filter rules; you can add filter rules to meet
your requirements.
Keywords Filtering: Allows blocking by specific keywords within a particular URL rather
than having to specify a complete URL (e.g. to block any image called “advertisement.gif”).
When enabled, your specified keywords list is checked to see if any keywords are present in
URLs accessed to determine if the connection attempt should be blocked. Note that the URL
filter blocks web browser (HTTP) connection attempts using port 80 only.
For example, the URL
would be dropped since the keyword
“abcde” occurs in the URL.
Domains Filtering: Checks the domain name in URLs accessed against your list of
domains to block or allow. If it matches, the URL request is sent (Trusted) or dropped
(Forbidden). The checking procedure is:
1. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection
attempt is sent to the remote web server.
2. If not, it is checked with the forbidden list. If present, the connection attempt is dropped.
3. If the packet matches neither of the above, it is sent to the remote web server.
4. Please note that the complete URL (“www” + domain name) shall be specified. For
example, to block traffic to www.google.com.au, enter “www.google” or “www.google.com”.
Restrict URL Features: This function enhances the restriction to your URL rules.
~ Block Java Applet: Blocks Web content which includes the Java Applet to prevent
someone who wants to damage your system via the standard HTTP protocol.
~ Block ActiveX: Blocks ActiveX
~ Block Cookies: Blocks Cookies
~ Block Proxy: Blocks Proxy
Except IP Address:
Time Schedule: A self-defined time period. You may specify a time schedule for your
prioritization policy. For setup and details, refer to the Time Schedule section.
Log: Click “Log” if you wish to generate logs when the filter rule is applied to the URL
Filter.