Intrusion Detection System
IDS supporting 128,000 concurrent connections
Network-Based Intrusion Detection System for Enterprise
Designed to meet the unique security requirements of the enterprise, the DFL-2400 Intrusion Detection System (IDS)
offers comprehensive features that bring improved security to your network. With its network-based detection capabilities and
event management, the DFL-2400 provides a reliable solution for detecting a broad array of attacks present in today's
constantly changing security landscape.

Intrusion Prevention and Damage Assess
Your network is susceptible to a multitude of attacks. Your
real time. It analyzes the incoming and outgoing packets
office is exposed to a variety of potential vulnerabilities,
with a mixed approach combined with misused and
including Internet connections, communication channels
anomaly model. With this hybrid mechanism, DFL-2400
between remote and corporate offices and links between
can detect unknown type packet flooding and extend the
trusted business partners. Unfortunately, many preventive
ability to detect new pattern-based attack types easily. A
measures employed to secure resources and internal traffic do
flexible rule-set is provided to allow new policies to be
not provide the breadth or depth of analysis needed to
added easily. DFL-2400 is built on real-time OS equipped
identify attempted attacks or uncover potential threats across
with high performance appliance that enables you to do
the organization. Deploying firewalls or virtual private
much more than other software-based IDS.
networks can minimize exposure, but they do not provide
enough protection.
Designed for Small to Medium Size Business
Equipped with a powerful CPU, most up-to-date database
Intrusion detection solutions provide an additional layer of
and ample memory to execute the necessary tasks, the
vital security. The DFL-2400 can detect suspicious activity,
DFL-2400 can provide up to 128,000 concurrent
prevent the intrusion and assess the damage.
connections in an enterprise network. A large database can
be easily maintained/updated and policy management and
Active On-Line IDS
monitoring can be easily carried out from any designated
DFL-2400 is an active and on-line network-based Intrusion
computer on your network.
Detection System. Its responsibility is to detect malicious and
suspicious packets on computer network and take actions in
Key Features
On-line real-time active network intrusion detection
Real-time reporting and historical forensics
Policy-based detection and access control
Large signature database
Multiple protocol support including ARP, IP, TCP, UDP,
Up to 128,000 concurrent connections
3 10/100Mbps Fast Ethernet ports each for WAN, LAN,
Policy management and centralized management monitoring,
and management connection
analysis and reporting
Console port provided
Third-party routers, switches, firewalls, applications, web
servers monitoring

Technical Specifications
Intrusion Detection System
System Performance
Console Management
- Maximum concurrent connections: 128,000
RS-232 (Baud rate 9600, 8, N, 1, N)
- Maximum expanded policies: 3,000 for each direction
- Maximum queued log in memory:
Network Management
- Maximum logged packets in memory: 20,000
- Remote SSH
- Management UI
Key Components
- CPU: Intel Pentium-III 850Mhz
- Memory: DRAM 256 MB
System Status
- Stop
Wan Port
- Bypass
- 10/100Mbps Fast Ethernet port for outbound WAN
- Normal
- Supports Full/half duplex
- Protect
- 802.3x Flow Control in full duplex
Protocols Supported
- Back pressure in half duplex
- IP
LAN Port
- 10/100Mbps Fast Ethernet port for inbound LAN
- Supports Full/half duplex
- 802.3x Flow Control in full duplex
- Back pressure in half duplex
Management Port
- 10/100Mbps Fast Ethernet port for policy server connection
Physical & Environmental
- Supports Full/half duplex
Power Supply
90 - 264 VAC internal universal power supply
- 802.3x Flow Control in full duplex
- Back pressure in half duplex
295 mm (D) x 440 mm (W) x 44 mm (H)
Console Port
Standard rack-mount width, 1U height
- DB-9 male connector
- Asynchronous serial DTE with full modem controls
Operation Temperature
0 ~ 50 C
Storage Temperature
Software Features -- System
-25 ~ 55 C
In-line real-time Active Network Intrusion Detection
Policy-based Detection and Access Control
5% ~ 95% non-condensing
Automatic Alert and Reaction
Emission (EMI)
- FCC Class A
Instant Traffic Controlfor:
- CE Class A
- Block packets
- C-Tick
- Cut off connections
- BSMI Class A
- Generate alarm
- Log suspicious packets
- UL
Detect and Block
- Dos/DDoS attacks
- Buffer overflow attacks
- Network scan attacks
- Trojan horse attacks
DDos Attack Classes
- IP flooding
- TCP SYN flooding
- UDP flooding
- UDP smurfing
- ICMP flooding
- ICMP smurfing
- IGMP flooding
- TCP flooding
Bi-directional Detection and Protection
- WAN to LAN
- LAN to WAN
Built in Signature and Anomaly Detection Model
Dependent Policy Applied for Each Interface
Secure Management Port and Stealthy Mode
Content Filtering by Keyword Set in URL
Remote Kernel Update
SSH Remote Secure Management Support
Software Feature -- System
pSOS 2.5
Main Functions
- Forwarding
- Detection
- Logging
- Blocking

Document Outline