Cisco Cisco Packet Data Gateway (PDG)
firewall port-scan
This command allows you to configure Stateful Firewall's Port Scan Detection algorithm.
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-acs)#
Syntax Description
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage |
inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout |
scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success- percentage { non-scanner | scanner } |
inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout |
scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success- percentage { non-scanner | scanner } |
inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
default
Configures this command with its default setting.
connection-attempt-success-percentage { non-scanner | scanner } percentage
Specifies the connection attempt success percentage.
• non-scanner: Specifies the connection attempt success percentage for a non-scanner.
percentage must be an integer from 60 through 99.
Default: 70%
• scanner: Specifies the connection attempt success percentage for a scanner.
percentage must be an integer from 1 through 40.
Default: 30%
inactivity-timeout inactivity_timeout
Specifies the port scan inactivity timeout period, in seconds.
inactivity_timeout must be an integer from 60 through 1800.
Command Line Interface Reference, Modes A - B, StarOS Release 19
408
ACS Configuration Mode Commands
firewall port-scan