User guide
Security Intrusion Detection Settings
iMG/RG Software Reference Manual (IPNetwork Functions)
An ALG provides a service for a specific application such as FTP (File Transfer Protocol). Incoming packets are
checked against existing NAT rules or Firewall filters, IP addresses are evaluated and detailed packet analysis is
performed. If necessary, the contents of a packet are modified, and if a secondary port is required, the ALG will
open one. The ALG for each application does not require additional configuration.
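The FTP case described above, as an added example that is not taken from the manual or from the device's firmware: an outbound `PORT` command is parsed, its address is evaluated, the payload is rewritten to the public address, and the secondary-port mapping to open is returned. The function names, the sample addresses, and the policy of rejecting a foreign address or a port below 1024 are assumptions made for illustration.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): IPv4 address plus a 16-bit port as two bytes.
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")


def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_rewrite(line, client_ip, public_ip, public_port):
    """Rewrite an outbound PORT command for NAT (hypothetical helper).

    Returns (new_line, pinhole), where pinhole is (public_port, inside_ip,
    inside_port): the secondary-port mapping to open for the data
    connection. Returns (None, None) when the command should be dropped.
    """
    parsed = parse_port(line)
    if parsed is None:
        return None, None
    ip, port = parsed
    # Assumed policy: only the host that owns the control connection may be
    # named in PORT, and privileged ports are refused.
    if ip != client_ip or port < 1024:
        return None, None
    new_line = "PORT {},{},{}\r\n".format(
        public_ip.replace(".", ","), public_port >> 8, public_port & 0xFF
    ).encode()
    return new_line, (public_port, ip, port)


# Constructed sample: inside host 192.168.1.10 advertises data port 4*256+1 = 1025.
SAMPLE = b"PORT 192,168,1,10,4,1\r\n"

if __name__ == "__main__":
    print(alg_rewrite(SAMPLE, "192.168.1.10", "203.0.113.5", 50000))
```

Because the rewritten command can differ in length from the original, a real ALG must also adjust TCP sequence and acknowledgement numbers for the rest of the control connection, which this example leaves out.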
4.2.4 Intrusion Detection Settings
Intrusion Detection is a feature that looks for traffic patterns that correspond to certain known types of attack
from suspicious hosts that attempt to damage the network or to prevent legitimate users from using it.
Intrusion Detection protects the system from the following kinds of attacks:
• DOS (Denial of Service) attacks - a DOS attack is an attempt by an attacker to prevent legitimate hosts
from accessing a service.
• Port Scanning - an attacker scans a system in an attempt to identify any open ports that are listening for a
particular service.
• Web Spoofing - an attacker creates a 'shadow' of the World Wide Web on their own machine, but a
legitimate host sees this as the 'real' WWW. The attacker uses the shadow WWW to monitor the host's
activities and send false data to and from the host's machine.
Intrusion Detection works differently for each type of attack.
| Application | TCP Port | UDP Port |
|---|---|---|
| AOL Instant Messenger (AIM) | 5190 | N/A |
| File Transfer Protocol (FTP) | 21 | N/A |
| Internet Key Exchange (IKE) | N/A | 500 |
| Internet Locator Service (ILS) (a directory service based on Lightweight Directory Access Protocol (LDAP)) | 389 (+1002) | N/A |
| Microsoft Networks (MSN) | 1863 | N/A |
| Point to Point Tunnelling Protocol (PPTP) | 1723 | N/A |
| Resource Reservation Protocol (RSVP (protocol 46)) | N/A | N/A |
| Real Time Streaming Protocol (RTSP) | N/A | N/A |
| Layer Two Tunnelling Protocol (L2TP) | N/A | 1701 |
| Session Initiation Protocol (SIP) (includes Session Description Protocol (SDP)) | 5060 | 5060 |