Port scan detection

The intrusion detection system tries to detect port scans, to report them, and to react to the attack. This works in a similar way to the detection of a SYN flood attack (see SYN flooding): a count is kept of the number of "half-open" connections, whereby a connection still counts as "half-open" after the scanned computer has sent a TCP reset.

Once a certain number of half-open connections exists between the scanning and the scanned computer, this is reported as a port scan.

Similarly, the reception of empty UDP packets is interpreted as an attempted port scan.
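The counting rule described above can be sketched as follows. This is an added example, not LANCOM's implementation: the event format, the function and constant names, and the threshold of 5 are assumptions, and the sketch omits any time window for expiring old entries.

```python
from collections import defaultdict

HALF_OPEN_LIMIT = 5  # assumed threshold; the page only says "a certain number"

def detect_port_scans(events, limit=HALF_OPEN_LIMIT):
    """Return (source, target, reason) alerts for a list of packet events."""
    half_open = defaultdict(set)  # (source, target) -> unfinished (sport, dport)
    alerts = []

    def report(src, dst, reason):
        if (src, dst, reason) not in alerts:  # report each finding once
            alerts.append((src, dst, reason))

    for ev in events:
        src, dst = ev["src"], ev["dst"]
        if ev["proto"] == "udp":
            if ev["length"] == 0:  # empty UDP packet counts as a scan attempt
                report(src, dst, "empty UDP packet")
        elif ev["flags"] == "SYN":
            half_open[(src, dst)].add((ev["sport"], ev["dport"]))
            if len(half_open[(src, dst)]) >= limit:
                report(src, dst, "port scan")
        elif ev["flags"] == "ACK":
            # Initiator completed the handshake: no longer half-open.
            half_open[(src, dst)].discard((ev["sport"], ev["dport"]))
        # SYN/ACK or RST from the target changes nothing: the entry stays
        # counted, so probes of closed ports add up as well.
    return alerts

def tcp(src, dst, sport, dport, flags):
    return {"proto": "tcp", "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": flags}

# Constructed sample traffic (documentation addresses, not real captures).
SCANNER, CLIENT, TARGET = "198.51.100.7", "192.0.2.50", "192.0.2.10"
SAMPLE_EVENTS = []
for i in range(3):  # normal client: three completed handshakes on 443
    SAMPLE_EVENTS += [tcp(CLIENT, TARGET, 50000 + i, 443, "SYN"),
                      tcp(TARGET, CLIENT, 443, 50000 + i, "SYN/ACK"),
                      tcp(CLIENT, TARGET, 50000 + i, 443, "ACK")]
for port in range(21, 26):  # scanner: five SYNs, each answered with a reset
    SAMPLE_EVENTS += [tcp(SCANNER, TARGET, 40000, port, "SYN"),
                      tcp(TARGET, SCANNER, port, 40000, "RST")]
SAMPLE_EVENTS.append({"proto": "udp", "src": "203.0.113.9", "dst": TARGET,
                      "sport": 40001, "dport": 161, "length": 0})

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_EVENTS):
        print(alert)
```

The client that completes its handshakes never accumulates a count, while the five reset-answered probes from one source reach the assumed limit and are reported once.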

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
