Manualshelf

User manual

ManualsBrandsAVIRA ManualsComputer equipmentProfessional security 2012
121122123124125126127128129130
Reference: Configuration options
Avira Professional Security - User Manual (Status: 14 Dec. 2012) 128
Rule
With a mouse click on the link you have the choice between add and don't add the
rule to block the TCP port scan attack.
UDP Port Scan
With this rule, you can define when a UDP port scan is assumed by the FireWall and what
should be done in this case. This rule prevents so-called UDP port scan attacks that result
in a detection of open UDP ports on your computer. This kind of attack is used to search a
computer for weak spots and is often followed by more dangerous attack types.
Predefined rules for the UDP Port Scan
Setting
Rules
Low
Assume a UDP port scan if 50 or more ports were
scanned in 5,000 milliseconds.
When detected,log attacker's IP and don't add rule to
block the attack.
Medium
Assume a UDP Port Scan if 50 or more ports were
scanned in 5,000 milliseconds.
When detected, log attacker's IP and add rule to block
the attack.
High
Same rule as for Medium level.
Ports
With a mouse click on the link a dialog box appears in which you can enter the number
of ports that must have been scanned so that a UDP Port Scan is assumed.
Port scan time window
With a mouse click on this link a dialog box appears in which you can enter the time
span for a certain number of port scans, so that a UDP Port Scan is assumed.
Event database
With a mouse click on the link you have the choice between log and don't log the
attacker's IP address.
Rule
With a mouse click on the link you have the choice between add and don't add the
rule to block the UDP port scan attack.