5.3.4.3 Intrusion Detection
Check Enable if you wish to detect intruders accessing your computer without permission.
When this function is enabled, the router automatically detects and blocks DoS (Denial of
Service) attacks. This kind of attack does not aim to access confidential data on the network;
instead, it aims to disrupt specific equipment or the entire network. If this happens, users
will have trouble accessing network resources.
Intrusion Detection: Check Enable if you wish to detect intruders accessing your computer without permission.
Alert Mail: Select this check box to use Alert Mail.
Alert Mail Time: Set the time for receiving Alert Mail.
Your E-Mail: Set your email address.
Recipient’s E-mail: Set the recipient’s email address to which the email notification is sent.
SMTP server: Set the SMTP (mail) server address.
Maximum TCP Open Handshaking Count: This is a threshold value to decide whether a SYN Flood attempt is occurring or not. Default value is 100 TCP SYN per second.
Maximum Ping Count: This is a threshold value to decide whether an ICMP Echo Storm is occurring or not. Default value is 15 ICMP Echo Requests (PING) per second.
Maximum ICMP Count: This is a threshold to decide whether an ICMP flood is occurring or not. Default value is 100 ICMP packets per second, not counting ICMP Echo Requests (PING).
Log: Check Log if you wish to generate logs when the filter rule is applied to the Intrusion Detection.
For SYN Flood, ICMP Echo Storm and ICMP flood, IDS will just warn the user in the
Event Log but it will not be able to protect against such attacks.
Hacker attack types recognized by the IDS

Intrusion Name        Detect Parameter                                                Blacklist  Type of Block Duration  Drop Packet  Show Log
--------------------  --------------------------------------------------------------  ---------  ----------------------  -----------  --------
Ascend Kill           Ascend Kill data                                                Src IP     DoS                     Yes          Yes
WinNuke               TCP Port 135, 137~139, Flag: URG                                Src IP     DoS                     Yes          Yes
Smurf                 ICMP type 8, Dst IP is broadcast                                Dst IP     Victim Protection       Yes          Yes
Land attack           SrcIP = DstIP                                                   -          -                       Yes          Yes
Echo/CharGen Scan     UDP Echo Port and CharGen Port                                  -          -                       Yes          Yes
Echo Scan             UDP Dst Port = Echo(7)                                          Src IP     Scan                    Yes          Yes
CharGen Scan          UDP Dst Port = CharGen(19)                                      Src IP     Scan                    Yes          Yes
X’mas Tree Scan       TCP Flag: X’mas                                                 Src IP     Scan                    Yes          Yes
IMAP SYN/FIN Scan     TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535      Src IP     Scan                    Yes          Yes
SYN/FIN/RST/ACK Scan  TCP, No Existing session and Scan Hosts more than five          Src IP     Scan                    Yes          Yes
Net Bus Scan          TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456  Src IP     Scan                    Yes          Yes
Back Orifice Scan     UDP, DstPort = Orifice Port (31337)                             Src IP     Scan                    Yes          Yes
SYN Flood             Max TCP Open Handshaking Count (Default 100 c/sec)              -          -                       -            Yes
ICMP Flood            Max ICMP Count (Default 100 c/sec)                              -          -                       -            Yes
ICMP Echo             Max PING Count (Default 15 c/sec)                               -          -                       -            Yes

Src IP: Source IP
Src Port: Source Port
Dst Port: Destination Port
Dst IP: Destination IP
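The detection rules above can be read as two checks: a per-packet signature match and a per-second counter compared with a threshold. The following is an added example, not the router's firmware; the packet record fields, the X'mas flag set, the fixed one-second buckets and the "count exceeds threshold" rule are assumptions, and the sample traffic is constructed.

```python
from collections import Counter

# Page defaults, in packets per second.
LIMITS = {"SYN Flood": 100, "ICMP Echo": 15, "ICMP Flood": 100}
XMAS = {"FIN", "PSH", "URG"}  # assumption: flag set meant by "X'mas"

def classify(pkt):
    """Return the table's intrusion name for one packet record, or None."""
    proto, dport = pkt["proto"], pkt.get("dport")
    flags = set(pkt.get("flags", ()))
    if pkt["src"] == pkt["dst"]:
        return "Land attack"
    if proto == "ICMP" and pkt.get("icmp_type") == 8 and pkt.get("dst_broadcast"):
        return "Smurf"
    if proto == "UDP":
        return {7: "Echo Scan", 19: "CharGen Scan",
                31337: "Back Orifice Scan"}.get(dport)
    if proto == "TCP":
        if XMAS <= flags:
            return "X'mas Tree Scan"
        if "URG" in flags and dport in (135, 137, 138, 139):
            return "WinNuke"
        if {"SYN", "FIN"} <= flags and dport == 143 and pkt.get("sport") in (0, 65535):
            return "IMAP SYN/FIN Scan"
    return None

def rate_alerts(packets):
    """Return sorted (second, name, count) for each one-second bucket over its limit."""
    counts = Counter()
    for p in packets:
        sec, flags = int(p["ts"]), set(p.get("flags", ()))
        if p["proto"] == "TCP" and flags == {"SYN"}:
            counts[sec, "SYN Flood"] += 1
        elif p["proto"] == "ICMP":
            # Echo Requests (type 8) have their own counter; other ICMP shares one.
            name = "ICMP Echo" if p.get("icmp_type") == 8 else "ICMP Flood"
            counts[sec, name] += 1
    # Assumption: an alert is logged only when the count exceeds the threshold.
    return sorted((s, n, c) for (s, n), c in counts.items() if c > LIMITS[n])

# Constructed sample traffic: 16 pings in second 0, exactly 100 SYNs in second 1.
SAMPLE = (
    [{"ts": i / 100, "proto": "ICMP", "icmp_type": 8,
      "src": "203.0.113.9", "dst": "192.0.2.1"} for i in range(16)]
    + [{"ts": 1 + i / 200, "proto": "TCP", "flags": ["SYN"], "dport": 80,
        "src": "203.0.113.9", "dst": "192.0.2.1"} for i in range(100)]
)

if __name__ == "__main__":
    print(rate_alerts(SAMPLE))
```

With the sample traffic, only the ping burst is reported: 16 Echo Requests exceed the default of 15, while 100 SYNs sit exactly at the default threshold.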
5.3.4.4 Block WAN PING
Check Enable if you wish to exclude outside PING requests from reaching this router.
5.3.4.5 URL Filter
URL (Uniform Resource Locator – e.g. an address in the form of
or
) filter rules allow you to prevent users on your network from
accessing particular websites by their URL. There are no pre-defined URL filter rules;
you can add filter rules to meet your requirements.
Keywords Filtering: Allows blocking by specific keywords within a particular URL
rather than having to specify a complete URL (e.g. to block any image called
“advertisement.gif”). When enabled, your specified keywords list is checked to see if any
keywords are present in URLs accessed to determine if the connection attempt should be
blocked. Note that the URL filter blocks web browser (HTTP) connection attempts using
port 80 only.
For example, the URL
would be dropped since the keyword
“abcde” occurs in the URL.
Domains Filtering: Checks the domain name in URLs accessed against your list of
domains to block or allow. If it matches, the URL request is sent (Trusted) or dropped
(Forbidden). The checking procedure is:
1. Check the domain in the URL to determine if it is in the trusted list. If yes, the connection
attempt is sent to the remote web server.
2. If not, it is checked against the forbidden list. If present, the connection attempt is dropped.
3. If the packet matches neither of the above, it is sent to the remote web server.
4. Please note that the complete URL, “www” + domain name, must be specified. For
example, to block traffic to www.google.com.au, enter “www.google” or “www.google.com”.
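The keyword check and the trusted/forbidden procedure above, written out as an added example (not the router's own code). The function names are hypothetical; matching a list entry as a prefix of the host name and running the keyword check before the domain lists are assumptions, and the URLs in the checks are constructed.

```python
from urllib.parse import urlsplit

def domain_decision(host, trusted, forbidden):
    """Steps 1-3 of the checking procedure: trusted list, forbidden list, else send."""
    host = host.lower()
    # Assumption: an entry matches when the host name starts with it, which is
    # what lets "www.google" or "www.google.com" cover www.google.com.au.
    if any(host.startswith(e.lower()) for e in trusted):
        return "send"   # step 1: trusted domains always go through
    if any(host.startswith(e.lower()) for e in forbidden):
        return "drop"   # step 2: forbidden domains are dropped
    return "send"       # step 3: no match in either list

def keyword_hit(url, keywords):
    """Return the first listed keyword found anywhere in the URL, or None."""
    lowered = url.lower()
    return next((k for k in keywords if k.lower() in lowered), None)

def filter_request(url, trusted=(), forbidden=(), keywords=()):
    """Return (action, reason) for one outgoing request."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    # The filter only inspects web browser (HTTP) connections on port 80,
    # so HTTPS and HTTP on other ports are never matched against the lists.
    if parts.scheme != "http" or port != 80:
        return ("send", "not inspected")
    # Assumption: keyword filtering is evaluated before the domain lists.
    kw = keyword_hit(url, keywords)
    if kw:
        return ("drop", f"keyword {kw!r}")
    action = domain_decision(parts.hostname or "", trusted, forbidden)
    return (action, "domain lists")

if __name__ == "__main__":
    # Constructed requests.
    for u in ("http://www.google.com.au/", "https://www.google.com.au/",
              "http://ads.example.net/img/advertisement.gif"):
        print(u, filter_request(u, forbidden=["www.google"],
                                keywords=["advertisement.gif"]))
```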
Restrict URL Features: This function enhances the restriction to your URL rules.
- Block Java Applet: Blocks Web content which includes the Java Applet to prevent
someone who wants to damage your system via the standard HTTP protocol.
- Block ActiveX: Blocks ActiveX
- Block Cookies: Blocks Cookies
- Block Proxy: Blocks Proxy
Except IP Address:
Time Schedule: A self-defined time period. You may specify a time schedule for
your prioritization policy. For setup and details, refer to the Time Schedule section.
Log: Click “Log” if you wish to generate logs when the filter rule is applied to the URL
Filter.