User guide
Security Intrusion Detection Settings
iMG/RG Software Reference Manual (IPNetwork Functions)
4-66
For each DoS attack there are different IDS settings, summarized in the the table below:
Land Attack
This attack targets Microsoft Windows machines. An attacker sends
a forged packet with the same source and destination IP address
which confuses the victim’s machine, causing it to crash or reboot.
Ping of Death
It is possible to crash, reboot or otherwise kill a large number of
systems by sending a ping of a certain size from a remote machine.
A ping is defined as a ping of death when the ping payload exceeds
65535 bytes.
Overdrop
This attack uses incorrect IP packet fragmentation to exploit vulner-
abilities in networked devices. Fragmented IP packets are sent and
the fragment information indicates that the packet length is over
65535 bytes (including IP header), but the actual data in the payload
is much less than this amount.
Dos Attack Related Detection settings Block duration setting / (Default)
SMURF
Attack
security enable IDS victimprotec-
tion
security set IDS victimprotection
<duration> /(10 min)
SYN/FIN/RST
Flood
security set IDS floodthreshold
<max>
security set IDS portfloodthresh-
old <max>
security set IDS floodperiod
<duration>
security set IDS MaxTCPopen-
handshake <max>
security set IDS DOSattackblock
<duration> / (30 min)
ICMP Flood
security set IDS MaxICMP <max> security set IDS DOSattackblock
<duration> / (30 min)
Ping Flood
security set IDS MaxPING
<max>
security set IDS DOSattackblock
<duration> / (30 min)
Ascend Kill
N/A security set IDS MaliciousAttackBlock
<duration> / (30 min
WinNuke
Attack
N/A security set IDS MaliciousAttackBlock
<duration> / (30 min
Dos Attack Description