Справочник Пользователя для Avira antivir network bundle 2012
Reference: Configuration options
Avira Professional Security - User Manual (Status: 23 Sep. 2011)
121
Assume Flooding
With a mouse click on the link, a dialog box is displayed where you can enter the
maximum allowed ICMP delay. Example: 50 milliseconds.
maximum allowed ICMP delay. Example: 50 milliseconds.
Fragmented ICMP packets
With a mouse click on the link, you have the choice between "Reject" and "Don't
reject" fragmented ICMP packets.
reject" fragmented ICMP packets.
TCP port scan
With this rule, you can define when a TCP port scan is assumed by the FireWall and what
should be done in this case. This rule serves for preventing so-called TCP port scan
attacks that result in a detection of open TCP ports on your computer. This kind of attack is
used to search a computer for weak spots and is often followed by more dangerous attack
types.
should be done in this case. This rule serves for preventing so-called TCP port scan
attacks that result in a detection of open TCP ports on your computer. This kind of attack is
used to search a computer for weak spots and is often followed by more dangerous attack
types.
Predefined rules for the TCP Port Scan
Setting
Rules
Low
Assume a TCP Port Scan if 50 or more ports were
scanned in 5,000 milliseconds.
When detected, log attacker's IP and don't add rule to
block the attack.
scanned in 5,000 milliseconds.
When detected, log attacker's IP and don't add rule to
block the attack.
Medium
Assume a TCP Port Scan if 50 or more ports were
scanned in 5,000 milliseconds.
When detected, log attacker's IP and add rule to block the
attack.
scanned in 5,000 milliseconds.
When detected, log attacker's IP and add rule to block the
attack.
High
Same rule as for Medium level.
Ports
With a mouse click on the link a dialog box appears in which you can enter the number
of ports that must have been scanned so that a TCP port scan is assumed.
of ports that must have been scanned so that a TCP port scan is assumed.
Port scan time window
With a mouse click on this link a dialog box appears in which you can enter the time
span for a certain number of port scans, so that a TCP port scan is assumed.
span for a certain number of port scans, so that a TCP port scan is assumed.
Event database
With a mouse click on the link you have the choice between "log" and "don't log" the
attacker's IP address.
attacker's IP address.