User guide

Management stations - Remote Management Security
iMG/RG Software Reference Manual (IPNetwork Functions)
4.2.4.4 IDS Trojan Database
Trojan attacks are detected by scanning for packets on pre-defined Trojan attack ports, using a pre-defined
database that includes commonly attacked Trojan ports.
To enter a new Trojan name in the IDS Trojan Database, use the following command:
security IDS add trojan <trojan name>
Once you have added a Trojan name to the database, you may need to identify the attack port that might be
used by that Trojan. Use the following command to add a port to the IDS Trojan Database against the Trojan
name specified in the previous command:
security IDS add trojanport <trojan name> <ident> <udp|tcp> <port>
In order to start scanning you must enable the Trojan with the following CLI command:
security IDS enable trojan <trojan name>
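The following Python model is an added example, not code from the manual or the device firmware. It mirrors the three commands above to show why a Trojan entry with ports defined still detects nothing until it is enabled. The Trojan name, ident and port values are constructed, and treating <ident> as a label for the port entry and matching on the packet's destination port are assumptions.

```python
# Illustrative model of the IDS Trojan Database workflow; not the device's firmware.
from dataclasses import dataclass, field

@dataclass
class TrojanEntry:
    enabled: bool = False                      # set by "security IDS enable trojan"
    ports: dict = field(default_factory=dict)  # ident -> (protocol, port); ident semantics assumed

class TrojanDatabase:
    def __init__(self):
        self.entries = {}

    def add_trojan(self, name):
        # security IDS add trojan <trojan name>
        self.entries.setdefault(name, TrojanEntry())

    def add_trojanport(self, name, ident, protocol, port):
        # security IDS add trojanport <trojan name> <ident> <udp|tcp> <port>
        if name not in self.entries:
            raise KeyError(f"add trojan {name!r} before adding ports")
        if protocol not in ("udp", "tcp"):
            raise ValueError("protocol must be udp or tcp")
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
        self.entries[name].ports[ident] = (protocol, port)

    def enable_trojan(self, name):
        # security IDS enable trojan <trojan name>
        self.entries[name].enabled = True

    def match(self, protocol, dst_port):
        """Return names of enabled Trojans whose port list contains this protocol/port."""
        return sorted(
            name for name, entry in self.entries.items()
            if entry.enabled and (protocol, dst_port) in entry.ports.values()
        )

def demo():
    db = TrojanDatabase()
    db.add_trojan("ExampleTrojan")                          # constructed name
    db.add_trojanport("ExampleTrojan", "p1", "tcp", 40001)  # constructed ident and port
    before = db.match("tcp", 40001)   # ports defined, but the Trojan is not enabled yet
    db.enable_trojan("ExampleTrojan")
    after = db.match("tcp", 40001)    # now the entry is scanned for
    other = db.match("udp", 40001)    # same port number, different protocol
    return before, after, other

if __name__ == "__main__":
    print(demo())
```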
4.2.5 Management stations - Remote Management
A management station is a host or range of hosts that can remotely access your device from the public Internet
for a certain period of time. Once your device has been configured to allow remote access, the management
station sends IP traffic on a specific transport/port to the device’s external port. Any NAT or Firewall configuration
is bypassed. This allows a network administrator access to the device’s configuration without having to visit
the site.
Note: It is important for ISPs to configure management stations as precisely as possible to reduce the chance
of malicious access.
| DoS Attack | Related Detection settings | Block duration setting / (Default) |
|---|---|---|
| Echo Chargen | N/A | security set IDS DOSattackblock <duration> / (30 min) |
| Echo Storm | security set IDS MaxPING <max> | security set IDS DOSattackblock <duration> / (30 min) |
| Boink | N/A | security set IDS DOSattackblock <duration> / (30 min) |
| Land Attack | N/A | security set IDS DOSattackblock <duration> / (30 min) |
| Ping of Death | N/A | security set IDS DOSattackblock <duration> / (30 min) |
| Overdrop | N/A | security set IDS DOSattackblock <duration> / (30 min) |