User guide

Firewall Firewall command reference
iMG/RG Software Reference Manual (IPNetwork Functions)
4-130
Once the maximum number of unfinished TCP handshaking sessions is reached, an
attempted DOS attack is detected. The suspected attacker is blocked for the time limit
specified in the FIREWALL SET IDS DOSattackblock command.
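The threshold-then-block behaviour described above can be modelled to see how a chosen max value treats different hosts. This is an added example, not code from the manual or the device firmware. Per-source counting over a sliding one-second window, the class and function names, the sample addresses and the 1800-second DOSattackblock value are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class SynFloodModel:
    """Threshold-then-block model. Assumed, not from the manual: counting is per
    source over a sliding one-second window; detection fires on reaching max_open."""

    def __init__(self, max_open=100, dos_block_seconds=1800):
        self.max_open = max_open                # MaxTCPopenhandshake (default 100)
        self.block_seconds = dos_block_seconds  # DOSattackblock; 1800 is a constructed value
        self.half_open = defaultdict(deque)     # src -> times of unanswered SYNs
        self.blocked_until = {}                 # src -> time the block expires

    def on_syn(self, src, now):
        """Handle one SYN; return 'blocked', 'detected' or 'allowed'."""
        if self.blocked_until.get(src, 0.0) > now:
            return "blocked"
        window = self.half_open[src]
        while window and now - window[0] >= 1.0:  # keep only the last second
            window.popleft()
        window.append(now)
        if len(window) >= self.max_open:
            self.blocked_until[src] = now + self.block_seconds
            window.clear()
            return "detected"
        return "allowed"

    def on_handshake_complete(self, src):
        """The final ACK arrived, so the oldest handshake is no longer unfinished."""
        if self.half_open[src]:
            self.half_open[src].popleft()

def sample_events():
    """Constructed traffic: 200 unfinished handshakes from one host, 20 completed from another."""
    events = [(i * 0.005, "192.0.2.10", "syn") for i in range(200)]
    for i in range(20):
        events.append((i * 0.05, "198.51.100.7", "syn"))
        events.append((i * 0.05 + 0.01, "198.51.100.7", "ack"))
    return sorted(events)

def replay(events, **settings):
    """Feed events through the model; return per-source outcome counts."""
    model, counts = SynFloodModel(**settings), defaultdict(lambda: defaultdict(int))
    for now, src, kind in events:
        if kind == "syn":
            counts[src][model.on_syn(src, now)] += 1
        else:
            model.on_handshake_complete(src)
    return {src: dict(c) for src, c in counts.items()}
```

Calling replay(sample_events(), max_open=150) applies the value from the manual's example command; omitting max_open uses the default of 100.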
Note: This command is an alias of the corresponding “security set IDS” command.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option     Description                                          Default Value
max        The maximum number (per second) of unfinished        100
           TCP handshaking sessions that are allowed before
           a SYN Flood attempt is detected.

Example --> firewall set IDS MaxTCPopenhandshake 150
See also security set IDS MaxTCPopenhandshake
4.3.2.0.27 FIREWALL SET IDS SCANATTACKBLOCK
Syntax FIREWALL SET IDS SCANATTACKBLOCK <DURATION>
Description This command sets the scan attack block duration Intrusion Detection Setting
(IDS). When hosts are blocked for a set time limit, this command specifies the duration
of that block.
Note: This command is an alias of the corresponding “security set IDS” command.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).

Option     Description                                          Default Value
duration   The length of time (in seconds) that a suspicious    86400 (one day)
           host is blocked for, after scan activity has been
           detected.

Example --> firewall set IDS SCANattackblock 43200
See also security set IDS SCANattackblock
4.3.2.0.28 FIREWALL SET IDS FLOODPERIOD
Syntax FIREWALL SET IDS FLOODPERIOD <DURATION>