PAMSPAN501x G.SHDSL.bis EFM Gateway
-
71
Enable/disable/clear IDS blacklist
firewall set IDS blacklist {enable|disable|clear}
Equal to
security enable IDS blacklist
security disable IDS blacklist
security clear IDS blacklist
Enabling the Blacklist will block traffics from an external host when it has detected
one of the following types of attack:
Protocol
Attack Name
UDP
Ascend Kill
UDP
Echo Scan (Port scan attack)
TCP
WinNuke (Port scan attack)
TCP
Xmas Tree Scan (Port scan attack)
TCP
IMAP SYN/FIN Scan ((Port scan attack)
ICMP
SMURF (if victim protection is set; SMURF Attack)
TCP
SYN Flood (if scanning threshold is exceeded; SYN/FIN/RST
Flood )
TCP
Net Bus Scan (Port scan attack)
UDP
Back Orifice Scan (Port scan attack)
-
If a DoS attack is detected, the host is blacklisted for 30 minutes by default
-
If a port scan is detected, the host is blacklisted for 24 hours by default