Example: Perpetual echo policy
This example shows an IDS attack-type policy that targets perpetual echoes on local port 7 and remote port 7.
UDP port 7 is the echo port. In an attack, if the UDP header specifies port 7 as both the source port and the target port, the datagram echoes back and forth between the local UDP port 7 and the remote UDP port 7.
When a perpetual echo occurs on port 7, IDS sends an intrusion notification to the Intrusion Detection Events page and to the audit journal, but it does not send an e-mail notification.
Each event that is detected is logged. Ensure that IDS does not overload the system if it is logging large numbers of events. If IDS is logging too many events, you can reduce the number of events being logged by using any of the following methods:
- Using variable dynamic throttling.
- Changing the IDS policy to monitor fewer IP addresses.
- Limiting the maximum number of messages.
| Setting | Value |
|---|---|
| Policy name | Echoes_policy |
| Policy type | Attack |
| Attack type | Perpetual echo |
| Local IP addresses | All IP addresses |
| Local ports | 7 |
| Remote IP addresses | All IP addresses |
| Remote ports | 7 |
| Send messages for each intrusion | Yes |
| Send e-mail notification | No |
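
The matching rule in this policy can be illustrated with a short detector that parses IPv4/UDP headers and flags inbound datagrams whose remote (source) and local (destination) ports are both 7. This is an added example, not the IDS implementation: the `POLICY` dictionary, the `max_messages` cap and its suppress-and-count behavior, and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct

ECHO_PORT = 7  # UDP echo port named in the policy table
# Assumed stand-in for the policy settings; max_messages is a constructed cap.
POLICY = {"local_ports": {ECHO_PORT}, "remote_ports": {ECHO_PORT}, "max_messages": 2}

def parse_ipv4_udp(pkt):
    """Return (src_ip, src_port, dst_ip, dst_port), or None if not a parseable UDP datagram."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 17 or frag_offset or len(pkt) < ihl + 8:
        return None  # not UDP, a later fragment, or truncated
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (socket.inet_ntoa(pkt[12:16]), sport, socket.inet_ntoa(pkt[16:20]), dport)

def detect_perpetual_echo(packets, policy=POLICY):
    """Flag inbound datagrams whose remote and local ports both match the policy."""
    events, suppressed = [], 0
    for pkt in packets:
        parsed = parse_ipv4_udp(pkt)
        if parsed is None:
            continue
        src_ip, sport, dst_ip, dport = parsed
        if sport in policy["remote_ports"] and dport in policy["local_ports"]:
            if len(events) < policy["max_messages"]:
                events.append({"type": "perpetual echo", "remote": src_ip, "local": dst_ip})
            else:
                suppressed += 1  # assumed behavior: counted, but no message written
    return events, suppressed

def sample_packet(src_ip, dst_ip, sport, dport, payload=b"x"):
    """Constructed IPv4/UDP bytes for the demo; checksums are left at zero."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + udp

SAMPLES = [  # constructed traffic using documentation address ranges
    sample_packet("192.0.2.10", "198.51.100.5", 7, 7),
    sample_packet("192.0.2.11", "198.51.100.5", 40000, 7),  # ordinary echo client
    sample_packet("192.0.2.12", "198.51.100.5", 7, 7),
    sample_packet("192.0.2.13", "198.51.100.5", 7, 7),
]

if __name__ == "__main__":
    print(detect_perpetual_echo(SAMPLES))
```

An ordinary echo request from an ephemeral source port is not flagged; only the port 7 to port 7 pairing matches, and matches beyond the assumed cap are counted rather than logged.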