Patton electronic 2635 Network Router User Manual


 
Intrusion Detection System (IDS) 79
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security
Victim Protection Block Duration:Default = 600 seconds (10 minutes).
Sets the duration of the block in seconds.
Maximum TCP Open Handshaking Count:Default = 100
Sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by a firewall
before a SYN Flood is detected. SYN Flood is a DOS attack. When establishing normal TCP connections,
three packets are exchanged: (1) A SYN (synchronize) packet is sent from the host to the network server. (2) A
SYN/ACK packet is sent from the network server to the host. (3) An Ack (acknowledge) packet is sent from
the host to the network server. If the host sends unreachable source addresses in the SYN packet, the server
sends the SYN/ACK packets to the unreachable addresses and keeps resending them. This creates a backlog
queue of unacknowledged SYN/ACK packets. Once the queue is full, the system will ignore all incoming SYN
request and no legitimate TCP connections can be established.
Once the maximum number of unfinished TCP handshaking sessions is reached, an attempted DOS
attack is detected. The firewall blocks the suspected attacker for the time limit specified in the DOS
Attack Block Duration parameter.
Maximum Ping Count:Default = 15
Sets the maximum number of pings per second that are allowed by the firewall before an Echo Storm is
detected. Echo Storm is a DOS attack. An attacker sends oversized ICMP datagrams to the system using the
‘ping’ command. This can cause the system to crash, freeze, or reboot, resulting in denial of service to legiti-
mate users.
Maximum ICMP Count:Default = 100
Sets the maximum number of ICMP packets per second that are allowed by the firewall before an ICMP Flood
is detected. An ICMP Flood is a DOS attack. The attacker tries to flood the network with ICMP packets in
order to prevent transmission of legitimate network traffic.
4. After selecting the chosen parameters, click on Update.