DefensePro User Guide
Security Configuration
170
Document ID: RDWR-DP-V0602_UG1201
Configuring Anti-Scanning Protection for Network Protection
Worm-propagation prevention and anti-scanning prevent zero-day self-propagating network worms,
horizontal scans, and vertical scans.
A self-propagating worm is an attack that spreads by itself using network resources. This worm uses
a random-IP-address-generation technique (that is, network scanning) to locate a vulnerable host to
infect. When a vulnerable host is identified, the worm immediately executes its code on this host,
thereby infecting the computer with the worm’s malicious code. Then, the infected hosts initiate
similar scanning techniques and infect other hosts propagating exponentially.
There are several random IP address generation techniques, commonly characterized with
horizontal scanning schemes.
Prior to launching an attack, hackers try to identify what TCP and UDP ports are open on the victim
machine. An open port represents a service, an application or a back door. Ports left open
unintentionally can create serious security problems. These scanning techniques commonly utilize a
vertical scanning scheme.
The worm propagation activity is detected and prevented by DefensePro’s Anti-Scanning protection.
Advanced Parameters
Level Of Regularization
The packet-rate detection sensitivity—that is, to what extent the BDoS
engine considers the PPS-rate values (baseline and current).
This parameter is relevant only for only for BDoS UDP protection.
Values:
•
Disable
•
Low
•
Medium
•
High
Default: Low
Packet Reporting and Trace Setting
Packet Report
Specifies whether the device sends sampled attack packets to APSolute
Vision for offline analysis.
Default: Disabled
Note:
When this feature is enabled, for the feature to take effect, the
global setting must be enabled (Configuration perspective >
Advanced Parameters > Security Reporting Settings >
Enable Packet Reporting).
Packet Trace
Specifies whether the DefensePro device sends attack packets to the
specified physical port.
Default: Disabled
Caution:
When this feature is enabled here, for the feature to take
effect, the global setting must be enabled (Configuration
perspective > Advanced Parameters > Security
Reporting Settings > Enable Packet Trace). In addition,
a change to this parameter takes effect only after you update
policies.
Table 87: BDoS Profile Parameters
Parameter
Description
Содержание DefensePro 6.02
Страница 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Страница 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Страница 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Страница 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Страница 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Страница 256: ...DefensePro User Guide Managing Device Operations and Maintenance 256 Document ID RDWR DP V0602_UG1201 ...
Страница 274: ...DefensePro User Guide Monitoring DefensePro Devices and Interfaces 274 Document ID RDWR DP V0602_UG1201 ...
Страница 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Страница 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Страница 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...