PLANET ADSL VPN / Firewall Router
42
The Intrusion Detection allows you to prevent your local area network (LAN) from
malicious attacks, for example, port scan and Denial-of-Service (DoS). The purpose of
such attacks is either to consume the computing resources of your router, or even to
bring down the router and network.
The Intrusion Detection also supports the blacklisting feature to minimize system
overhead that could be consumed in an attack, as well as protecting the network in the
meantime. The blacklist is empty initially when the firewall enabled. The initiator of an
attack will be blacklisted, that is, will be added to the blacklist. Whenever the router
receives a packet from the Internet, it will check the blacklist first to see if the initiator is
in the list. If it is, the packet will be dropped. A configurable value is associated with
each type of the attack, the initiator will be removed from the list when it times out.
Enable:
select True to enable intrusion detection. Strongly recommend to set TRUE for
“
Use Blacklist
”
and
“
Use Victim Protection
”
when enable
“
Intrusion Detection
”
.
Use Blacklist:
select True to use blacklist. If enabled, external host addresses will be
saved into blacklist when the router detects the intrusion from these hosts.
Use Victim Protection:
select True to use Victim Protection. If enabled, the router will
protect the internal host (the host is the victim at this moment) from suspicious attacks.
Victim Protection Duration:
after the router has detected that an internal host has
been attacked, the router will record this external host IP into the Blacklist and block
traffic with this host for a set time limit in order to protect the host.
DoS Attack Block Duration:
after a DoS attack is detected, the router will record this
external host IP into the Blacklist and block traffic with this host for a set time limit.
Scan Attack Block Duration:
after a Scan attack is detected, the router will record this
external host IP into the Blacklist and block traffic with this host for a set time limit.
Maximum TCP Open Handshaking Count:
set the maximum number of unfinished
TCP handshaking session per second. Once the maximum of unfinished TCP