ZyXEL Communications 794M Network Card User Manual


 
Prestige 794M User’s Guide
Chapter 6 Firewall
6.5 Intrusion Detection
The Prestige’s Intrusion Detection System (IDS) is used to detect hacker attacks and intrusion
attempts from the Internet. When you enable IDS on the Prestige, inbound packets are filtered
and blocked depending on whether they are detected as possible hacker attacks, intrusion
attempts or other connections that the router determines to be suspicious.
If the Prestige detects a possible attack, the source IP or destination IP address will be added to
the Blacklist. Any further attempts using this IP address will be blocked for the time period
specified in the Block Duration field. The default setting for this function is false (disabled).
Some attack types are denied immediately without using the Blacklist function, such as Land
attack and Echo/CharGen scan.
Table 33 Firewall: Packet Filters: Add Raw Filter (continued)
LABEL | DESCRIPTION
Apply | Click Apply to save the settings and return to the main Packet Filter screen.
Return | Click Return to discard all changes and go back to the main Packet Filter screen.

The following table lists the types of attacks that the IDS is able to detect and the actions
performed.
Table 34 IDS: Detectable Attacks
NAME | PARAMETER | BLACKLIST TYPE | TYPE OF BLOCK DURATION | DROP PACKET | LOG
Ascend Kill | Ascend Kill data | Source IP | DoS | Yes | Yes
WinNuke | TCP Port 135, 137~139, Flag: URG | Source IP | DoS | Yes | Yes
Smurf | ICMP type 8, Des IP is broadcast | Destination IP | Victim Protection | Yes | Yes
Land attack | SrcIP = DstIP | | | Yes | Yes
Echo/CharGen Scan | UDP Echo Port and CharGen Port | | | Yes | Yes
Echo Scan | UDP Dst Port = Echo(7) | Source IP | Scan | Yes | Yes
CharGen Scan | UDP Dst Port = CharGen(19) | Source IP | Scan | Yes | Yes
X’mas Tree Scan | TCP Flag: X’mas | Source IP | Scan | Yes | Yes
IMAP SYN/FIN Scan | TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535 | Source IP | Scan | Yes | Yes
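
The matching rules in Table 34, written out as a packet classifier that also reports which address would go on the Blacklist. This is an added example, not ZyXEL firmware code. Assumptions: the packet dict fields and the LAN subnet are constructed, "X'mas" is read as FIN+PSH+URG, the Echo/CharGen row is read as UDP between ports 7 and 19, and Ascend Kill is omitted because the page does not give its data pattern.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN subnet (constructed)
FIN, SYN, PSH, URG = 0x01, 0x02, 0x08, 0x20   # TCP flag bits
XMAS = FIN | PSH | URG                        # assumed meaning of "X'mas"

# Blacklist actions from Table 34: name -> (src = Source IP / dst = Destination IP, block type).
# Land attack and Echo/CharGen Scan are absent: dropped with no Blacklist entry.
ACTIONS = {
    "WinNuke": ("src", "DoS"),
    "Smurf": ("dst", "Victim Protection"),
    "Echo Scan": ("src", "Scan"),
    "CharGen Scan": ("src", "Scan"),
    "X'mas Tree Scan": ("src", "Scan"),
    "IMAP SYN/FIN Scan": ("src", "Scan"),
}

def is_broadcast(ip):
    """True for the limited broadcast address or the LAN's directed broadcast."""
    return ip == "255.255.255.255" or ipaddress.ip_address(ip) == LAN.broadcast_address

def classify(p):
    """Return the Table 34 attack name matching packet dict p, or None."""
    proto, flags = p["proto"], p.get("flags", 0)
    sport, dport = p.get("sport"), p.get("dport")
    if p["src"] == p["dst"]:
        return "Land attack"
    if proto == "icmp" and p.get("icmp_type") == 8 and is_broadcast(p["dst"]):
        return "Smurf"
    if proto == "udp":
        if {sport, dport} == {7, 19}:
            return "Echo/CharGen Scan"
        if dport == 7:
            return "Echo Scan"
        if dport == 19:
            return "CharGen Scan"
    if proto == "tcp":
        if (flags & (SYN | FIN)) == (SYN | FIN) and dport == 143 and sport in (0, 65535):
            return "IMAP SYN/FIN Scan"
        if (flags & XMAS) == XMAS:
            return "X'mas Tree Scan"
        if flags & URG and dport in (135, 137, 138, 139):
            return "WinNuke"
    return None

def blacklist_entry(p):
    """Return (address to blacklist, block-duration type), or None if none applies."""
    action = ACTIONS.get(classify(p))
    return (p[action[0]], action[1]) if action else None
```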