ADSL Router User Manual
Intrusion Detection
This page displays the rules for intrusion detection. The purpose of intrusion detection is to detect any attacks that penetrate or defeat the firewall and standard detection systems. In addition, it is used to proactively prevent attacks, without human intervention, before any damage can occur.
DOS Attack Block Duration: The length of time that a suspicious host is blocked once DOS activity is detected. The unit is seconds.
Scan Attack Block Duration: The length of time that a suspicious host is blocked once Scan activity is detected. The unit is seconds.
Victim Protection Block Duration: This protects victims from spoofing-style attacks: a destination blocking entry is added to the blacklist. The setting specifies the default length of time the entry is kept in the list, to avoid continuous attack against this victim. The unit is seconds.
Maximum TCP Open Handshaking Count: The maximum number of unfinished TCP handshaking sessions per second that will trigger IDS for SYN flood.
Maximum Ping Count: The maximum number of PINGs per second that will trigger IDS for echo storm.
Maximum ICMP Count: The maximum number of ICMP packets other than ICMP echo (PING) per second that will trigger IDS for ICMP flood.
You can select Disable and click Apply to disable intrusion detection. Select Enabled to invoke this function. In addition, click Modify Rules to enter or modify details for the rules if necessary. After finishing the modification, click Apply.
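The following added example (not from the manual or the router firmware) models how the per-second count thresholds and the DOS Attack Block Duration described above interact. It assumes a fixed one-second counting window per source host and a trigger when the count exceeds the maximum; the manual does not state how the router counts, and all numeric values, event names and addresses are constructed.

```python
# Added example: models the per-second thresholds and the DOS block duration.
# All numeric values are constructed; the manual lists no defaults.
THRESHOLDS = {"half_open_tcp": 4, "ping": 3, "icmp_other": 3}  # events per second
DOS_BLOCK_SECONDS = 10

class FloodDetector:
    def __init__(self, thresholds, block_seconds):
        self.thresholds = thresholds
        self.block_seconds = block_seconds
        self.window = {}         # (src, kind) -> (whole second, count within it)
        self.blocked_until = {}  # src -> time at which the block expires

    def observe(self, ts, src, kind):
        """Classify one event at time ts (seconds): pass, trigger or blocked."""
        if ts < self.blocked_until.get(src, 0):
            return "blocked"
        sec, count = self.window.get((src, kind), (int(ts), 0))
        if sec != int(ts):       # a new one-second window starts
            sec, count = int(ts), 0
        count += 1
        self.window[(src, kind)] = (sec, count)
        if count > self.thresholds[kind]:   # assumption: trigger on exceeding the maximum
            self.blocked_until[src] = ts + self.block_seconds
            return "trigger"
        return "pass"

def replay(events, thresholds=THRESHOLDS, block_seconds=DOS_BLOCK_SECONDS):
    """Run a list of (timestamp, source, kind) events through a fresh detector."""
    det = FloodDetector(thresholds, block_seconds)
    return [det.observe(ts, src, kind) for ts, src, kind in events]

# Constructed events; 192.0.2.0/24 is reserved for documentation.
SAMPLE = [
    (0.0, "192.0.2.10", "ping"), (0.1, "192.0.2.10", "ping"),
    (0.2, "192.0.2.10", "ping"), (0.3, "192.0.2.10", "ping"),  # 4th ping in second 0
    (0.4, "192.0.2.10", "ping"),                                # arrives during the block
    (0.5, "192.0.2.20", "ping"), (1.5, "192.0.2.20", "ping"),  # one ping per second
    (10.2, "192.0.2.10", "ping"),                               # block runs until 10.3
    (10.4, "192.0.2.10", "ping"),                               # block has expired
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```
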