User guide
Security command reference Security
iMG/RG Software Reference Manual (IPNetwork Functions)
Description This command sets the time limit during which scanning-type traffic (such as a
closed TCP port receiving SYN/ACK, FIN or RST) is counted. If the number of scanning
packets counted within the specified duration is greater than the threshold set by
SECURITY SET IDS SCANTHRESHOLD, the suspected attacker is blocked for the time limit
specified in the command SECURITY SET IDS SCANATTACKBLOCK.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> security set IDS scanperiod 90
4.2.7.1.57 SECURITY SET IDS SCANTHRESHOLD
Syntax SECURITY SET IDS SCANTHRESHOLD <MAX>
Description This command allows you to set the maximum number of scanning packets that can be
received before a port scan is detected. If the number of scanning packets counted within
the time duration set by the command SECURITY SET IDS SCANPERIOD is greater than
the maximum value set here, the suspected attacker is blocked for the time limit specified
in the command SECURITY SET IDS SCANATTACKBLOCK.
For example, using the default settings, if more than 5 scanning packets are received per
second for a 60-second duration, the attacker is blocked.
Options The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example --> security set IDS scanthreshold 8
See also
Option    Description                                          Default Value
duration  The length of time (in seconds) that scanning type   60 (seconds)
          traffic is counted for.

Option    Description                                          Default Value
max       Maximum number of scanning packets that can be       5 (per second)
          received before a port scan attack is detected.
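
The following is an added example, not taken from the manual or the device firmware. It models the counting described for SCANPERIOD and SCANTHRESHOLD so that candidate values can be tried against captured traffic before they are set on a device. Assumptions: a fixed counting window per source that starts at its first scanning packet, and the threshold read as a per-second rate over the period (following the default-settings sentence), with `per_second=False` giving the other reading (total packets in the period). The function name, the sample addresses and the 120-second block time are constructed.

```python
def simulate_scan_ids(events, scanperiod, scanthreshold, block_secs, per_second=True):
    """Return [(src, blocked_at, blocked_until)] for (timestamp, src) scan packets."""
    # Assumption: "5 (per second)" over a 60 s period means 5 * 60 packets per window.
    limit = scanthreshold * scanperiod if per_second else scanthreshold
    window = {}         # src -> (window_start, packets_counted)
    blocked_until = {}  # src -> time at which the block expires
    blocks = []
    for ts, src in sorted(events):
        if ts < blocked_until.get(src, float("-inf")):
            continue                      # blocked source: dropped, not counted
        start, count = window.get(src, (ts, 0))
        if ts - start >= scanperiod:      # counting period over: start a new one
            start, count = ts, 0
        count += 1
        if count > limit:                 # "greater than the threshold"
            blocked_until[src] = ts + block_secs
            blocks.append((src, ts, ts + block_secs))
            window.pop(src, None)
        else:
            window[src] = (start, count)
    return blocks

# Constructed sample traffic (documentation addresses, times in seconds).
FAST = [(i / 10, "192.0.2.10") for i in range(600)]    # 10 pkt/s for 60 s
SLOW = [(i * 10, "198.51.100.7") for i in range(60)]   # 1 pkt per 10 s for 600 s
SAMPLE = FAST + SLOW

if __name__ == "__main__":
    # 60 and 5 are the defaults on this page; the 120 s block time is constructed.
    for mode in (True, False):
        print("per_second =", mode)
        for src, start, end in simulate_scan_ids(SAMPLE, 60, 5, 120, per_second=mode):
            print(f"  block {src} from t={start} to t={end}")
```

Under the per-second reading the slow source is never blocked, while under the total-count reading it is blocked repeatedly, so confirm on the device which reading applies before relying on the defaults.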