The Intrusion Detection System (IDS), introduced in IBM i5/OS, is a system that notifies you of attempts to hack into, disrupt, or deny service to the system. Prior to IDS, the i5/OS took some protective measures against the types of intrusions described here. However, with the new IDS support, the i5/OS system can now tell you about the intrusions.

This IBM Redpaper describes the following types of intrusions on the i5/OS system that are caught, audited, and, in many cases, discarded—before they become a threat:

Attacks

- IP fragments

- Malformed packets

- SYN floods

- Internet Control Message Protocol (ICMP) redirect messages

- Perpetual echo

- Restricted IP options

- Restricted IP protocols

Scans

Traffic regulation anomalies for TCP and UDP

Intrusion types

Setup for IDS notification on i5/OS

IDS policy file

Intrusion Monitor (IM) entries

Verifying IDS policy implementation