For SYN Flood, ICMP Echo Storm and ICMP Flood, the IDS only warns the user in the Event Log; it
cannot protect against such attacks.
Hacker attack types recognized by the IDS
TCP, Port 135, 137~139, Flag: URG
ICMP type 8, Dst IP is broadcast
UDP Echo Port and CharGen Port
UDP Dst Port = CharGen(19)
TCP Flag: SYN/FIN, DstPort: IMAP(143), SrcPort: 0 or 65535
TCP, No Existing session and Scan Hosts more than five
TCP, No Existing session, DstPort = Net Bus 12345, 12346, 3456
UDP, DstPort = Orifice Port (31337)
Max TCP Open Handshaking Count (Default 100 c/sec)
Max ICMP Count (Default 100 c/sec)
Max PING Count (Default 15 c/sec)
Src IP: Source IP Src Port: Source Port
Dst Port: Destination Port Dst IP: Destination IP
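
The detection parameters listed above, expressed as matching logic over constructed packet records. This is an added illustration, not the router's firmware. The packet field names, the 192.168.1.0/24 LAN, reading "UDP Echo Port and CharGen Port" as ports 7 and 19 on either end, counting bare SYNs as open handshakes, and the absence of a time window on the host-scan count are all assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")         # assumed LAN, for the broadcast check
LIMITS = {"tcp_open": 100, "icmp": 100, "ping": 15}  # per-second defaults from the table

def signatures(p):
    """Return the table rows one packet matches (labels restate the parameters)."""
    hits, flags = [], set(p.get("flags", ()))
    if p["proto"] == "tcp":
        if "URG" in flags and p["dport"] in (135, 137, 138, 139):
            hits.append("tcp-urg-135/137-139")
        if {"SYN", "FIN"} <= flags and p["dport"] == 143 and p["sport"] in (0, 65535):
            hits.append("tcp-synfin-imap")
        if not p.get("in_session") and p["dport"] in (12345, 12346, 3456):
            hits.append("tcp-netbus-port")
    elif p["proto"] == "udp":
        if {p["sport"], p["dport"]} == {7, 19}:      # echo and chargen talking to each other
            hits.append("udp-echo-chargen")
        if p["dport"] == 19:
            hits.append("udp-dst-chargen")
        if p["dport"] == 31337:
            hits.append("udp-dst-31337")
    elif p.get("icmp_type") == 8 and ipaddress.ip_address(p["dst"]) == LAN.broadcast_address:
        hits.append("icmp-echo-broadcast")
    return hits

def analyze(packets):
    """Return (signature hits, sources scanning more than five hosts, rate alerts)."""
    hits, scanned, rates = [], defaultdict(set), Counter()
    for p in packets:
        hits += [(p["src"], h) for h in signatures(p)]
        sec = int(p["ts"])                           # one-second buckets for the rate limits
        if p["proto"] == "tcp" and not p.get("in_session"):
            scanned[p["src"]].add(p["dst"])
            if set(p.get("flags", ())) == {"SYN"}:
                rates[(sec, "tcp_open")] += 1
        elif p["proto"] == "icmp":
            rates[(sec, "icmp")] += 1
            if p.get("icmp_type") == 8:
                rates[(sec, "ping")] += 1
    scanners = sorted(s for s, dsts in scanned.items() if len(dsts) > 5)
    alerts = sorted(k for k, n in rates.items() if n > LIMITS[k[1]])
    return hits, scanners, alerts

# Constructed sample traffic, not a real capture.
SAMPLE = ([dict(ts=1.0, proto="udp", src="203.0.113.9", dst="192.168.1.10", sport=4000, dport=31337)]
    + [dict(ts=2 + i / 100, proto="icmp", src="203.0.113.7", dst="192.168.1.10", icmp_type=8) for i in range(16)]
    + [dict(ts=3.0, proto="tcp", src="203.0.113.5", dst=f"192.168.1.{n}", sport=4444, dport=80, flags=["SYN"]) for n in range(20, 26)])
```

As the text above states for the flood cases, exceeding a rate limit here only produces an alert entry; nothing in this sketch drops traffic.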