Billion BiPAC-7401VGP Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Billion

BiPAC-7401VGP

Page 66 / 120 Scroll up to view Page 61 - 65

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

The new port filter rule for HTTP is shown below:

Configure your Virtual Server (“port forwarding”) settings so that incoming HTTP requests on port 80

will be forwarded to the PC running your web server:

Note:

For how to configure the HTTP in Virtual Server, go to

Add Virtual Server

Virtual

Server

section for more details.

Page 67 / 120

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

Intrusion Detection

The router’s

Intrusion Detection System

(IDS) is used to detect hacker attacks and intrusion

attempts from the Internet. If the IDS function of the firewall is enabled, inbound packets are

filtered and blocked depending on whether they are detected as possible hacker attacks, intrusion

attempts or other connections that the router determines to be suspicious.

Blacklist

: If the router detects a possible attack, the source IP or destination IP address will be

added to the Blacklist. Any further attempts using this IP address will be blocked for the time

period specified as the

Block Duration

. The default setting for this function is false (disabled).

Some attack types are denied immediately without using the Blacklist function, such as

Land

attack

and

Echo/CharGen scan

Intrusion Detection

: If enabled, IDS will block Smurf attack attempts. Default is false.

Block Duration:

Victim Protection Block Duration

: This is the duration for blocking

Smurf

attacks.

Default value is 600 seconds.

Scan Attack Block Duration

: This is the duration for blocking hosts that attempt a

possible Scan attack. Scan attack types include

X’mas scan, IMAP SYN/FIN scan

and

similar attempts. Default value is 86400 seconds.

DoS Attack Block Duration

: This is the duration for blocking hosts that attempt a

possible Denial of Service (DoS) attack. Possible DoS attacks this attempts to block

include

Ascend Kill

and

WinNuke

. Default value is 1800 seconds.

Max TCP Open Handshaking Count

: This is a threshold value to decide whether a

SYN Flood

attempt is occurring or not. Default value is 100 TCP SYN per seconds.

Max PING Count

: This is a threshold value to decide whether an

ICMP Echo Storm

is occurring or

not.

Default value is 15 ICMP Echo Requests (PING) per second.

Page 68 / 120

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

Max ICMP Count

: This is a threshold to decide whether an

ICMP flood

is occurring or not. Default

value is 100 ICMP packets per seconds except ICMP Echo Requests (PING).

For

SYN Flood

ICMP Echo Storm

and

ICMP flood

, IDS will just warn the user in the Event Log. It

cannot protect against such attacks.

Table 2: Hacker attack types recognized by the IDS

Intrusion Name

Detect Parameter

Blacklist

Type of Block

Duration

Drop Packet

Show Log

Ascend Kill

Ascend Kill data

Src IP

DoS

Yes

WinNuke

TCP

Port 135, 137~139,

Flag: URG

Src IP

DoS

Yes

Smurf

ICMP type 8

Des IP is broadcast

Dst IP

Victim

Protection

Yes

Land attack

SrcIP = DstIP

Yes

Echo/CharGen Scan

UDP Echo Port and

CharGen Port

Yes

Echo Scan

UDP Dst Port =

Echo(7)

Src IP

Scan

Yes

CharGen Scan

UDP Dst Port =

CharGen(19)

Src IP

Scan

Yes

X’mas Tree Scan

TCP Flag: X’mas

Src IP

Scan

Yes

IMAP

SYN/FIN Scan

TCP Flag: SYN/FIN

DstPort: IMAP(143)

SrcPort: 0 or 65535

Src IP

Scan

Yes

SYN/FIN/RST/ACK

Scan

TCP,

No Existing session

And Scan Hosts

more than five.

Src IP

Scan

Yes

Net Bus Scan

TCP

No Existing session

DstPort = Net Bus

12345,12346, 3456

SrcIP

Scan

Yes

Back Orifice Scan

UDP, DstPort =

Orifice Port (31337)

SrcIP

Scan

Yes

SYN Flood

Max TCP Open

Handshaking Count

(Default 100 c/sec)

Yes

ICMP Flood

Max ICMP Count

(Default 100 c/sec)

Yes

ICMP Echo

Max PING Count

(Default 15 c/sec)

Yes

Src IP

: Source IP

Src Port

: Source Port

Dst Port

: Destination Port

Dst IP

: Destination IP

Page 69 / 120

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

URL Filter

URL (Uniform Resource Locator – e.g. an address in the form of

http://www.abcde.com

http://www.example.com

) filter rules allow you to prevent users on your network from accessing

particular websites by their URL. There are no pre-defined URL filter rules; you can add filter rules

to meet your requirements.

Enable/Disable:

To enable or disable URL Filter feature.

Block Mode:

A list of the modes that you can choose to check the URL filter rules. The default is

set to

Disabled.

Disabled:

No action will be performed by the Block Mode.

Always On:

Action is enabled.

URL filter rules will be monitoring and checking at all hours

of the day.

TimeSlot1 ~ TimeSlot16:

It is self-defined time period.

You may specify the time period to

check the URL filter rules, i.e. during working hours. For setup and detail, refer to

Time

Schedule

section.

Keywords Filtering:

Allows blocking by specific keywords within a particular URL rather than

having to specify a complete URL (e.g. to block any image called “advertisement.gif”). When

enabled, your specified keywords list will be checked to see if any keywords are present in URLs

accessed to determine if the connection attempt should be blocked. Please note that the URL filter

blocks web browser (HTTP) connection attempts using port 80 only.

Page 70 / 120

VoIP/(802.11g) ADSL2+ Router

Chapter 4: Configuration

For example, if the URL is

http://www.abc.com/abcde.html

, it will be dropped as the keyword

“abcde” occurs in the URL.

Domains Filtering: This function checks the domain name only, not the IP address, in URLs

accessed against your list of domains to block or allow. If it is matched, the URL request will be

sent (Trusted) or dropped (Forbidden). For this function to be activated,

both check-boxes must be

checked

. The checking procedure is:

Check the domain in the URL to determine if it is in the trusted list. If yes, the

connection attempt is sent to the remote web server.

If not, check if it is listed in the forbidden list, and if present then the connection attempt

is dropped.

If the packet does not match either of the above two items, it is sent to the remote web

server.

Please be note that the domain only should be specified, not the full URL. For example

to block traffic to

www.sex.com

, enter “sex” or “sex.com” instead of “www.sex.com”. In

the example below, the URL request for

www.abc.com

will be sent to the remote web

server because it is listed in the trusted list, whilst the URL request for

www.sex

www.sex.com

will be dropped, because sex.com is in the forbidden list.

Rate

Popular Billion Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share