Patton electronic 3201 Modem User Manual


 
6 • Security Model 3201 G.SHDSL Integrated Access Device User Guide
92 Intrusion Detection System (IDS)
1. To enable IDS, click on Enabled for “Intrusion Detection Enabled” on the “Security Interface Configura-
tion” page. Then click on Change State(s).
2. Click on Configure Intrusion Detection.
3. You may choose which of the parameters to configure and for which value.
Use Blacklist:Default = 10 minutes when enabled.
If IDS has detected an intrusion an external host, access to the network is denied for ten minutes.
Use Victim Protection:Default = Disabled.
Enables Victim Protection. Victim Protection protects the victim from an attempted spoofing attack.
Web spoofing allows an attacker to create a ‘shadow’ copy of the world wide web (WWW). All access to
the shadow Web goes through the attacker’s machine, so the attacker can monitor all of the victim’s
activities and send false data to or from the victim’s machine. When enabled, packets destined for the
victim host of a spooking style attack are blocked.
DOS Attack Block Duration:Default = 1800 seconds (30 minutes).
A Denial of Service (DOS) attack is an attempt by an attacker to prevent legitimate users from using a
service. If a DOS attack is detected, all suspicious hosts are blocked by the firewall for a set time limit
Scan Attack Block Duration:Default = 86400 seconds
Sets the duration for blocking all suspicious hosts. The firewall detects when the system is being scanned
by a suspicious host attempting to identify any open ports.
Victim Protection Block Duration:Default = 600 seconds (10 minutes).
Sets the duration of the block in seconds.
Maximum TCP Open Handshaking Count:Default = 100
Sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by a
WinNuke TCP yes
Xmas Tree Scan TCP yes
IMAP SYN/FIN Scan TCP yes
Smurf ICMP If victim protection set
SYN/FIN/RST Flood TCP If scanning threshold
exceeded
Net Bus Scan TCP yes
Back Orifice Scan UDP yes
Table 4:
Attack Name Protocol
Attacking Host
Blacklisted?