ZyXEL Communications ISG50 User Manual

Chapter 26 ADP
ISG50 User’s Guide
Decoy Port Scans
Decoy port scans are scans where the attacker has spoofed the source address. These are some 
decoy scan types: 
• TCP Decoy Portscan
• UDP Decoy Portscan
• IP Decoy Portscan
Distributed Port Scans
Distributed port scans are many-to-one port scans. Distributed port scans occur when multiple 
hosts query one host for open services. This may be used to evade intrusion detection. These are 
distributed port scan types:
• TCP Distributed Portscan
• UDP Distributed Portscan
• IP Distributed Portscan
Port Sweeps
Port sweeps are one-to-many port scans: one host scans a single port on multiple hosts. Many 
different connection attempts to the same port (service) may indicate a port sweep. This may occur 
when a new exploit comes out and the attacker is looking for a specific service. These are some 
port sweep types:
• TCP Portsweep
• UDP Portsweep
• IP Portsweep
• ICMP Portsweep
Filtered Port Scans
A filtered port scan alert may indicate that there were no network errors (ICMP unreachables or 
TCP RSTs), or that responses on closed ports have been suppressed. Active network devices, such 
as NAT routers, may trigger these alerts if they send out many connection attempts within a very 
short time. These are some filtered port scan examples:
• TCP Filtered Portscan
• UDP Filtered Portscan
• IP Filtered Portscan
• TCP Filtered Decoy Portscan
• UDP Filtered Decoy Portscan
• IP Filtered Decoy Portscan
• TCP Filtered Portsweep
• UDP Filtered Portsweep
• IP Filtered Portsweep
• ICMP Filtered Portsweep
• TCP Filtered Distributed Portscan
• UDP Filtered Distributed Portscan
• IP Filtered Distributed Portscan
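The fan-out patterns described above (one-to-many sweep, many-to-one distributed scan, and the "filtered" qualifier) can be illustrated with a short classifier over connection records. This is an added example, not ZyXEL's ADP implementation: the event tuple layout, the `threshold` value, the plain "Portscan" label for a single-source scan and the sample addresses are assumptions, and it does not try to recognize decoy scans or distinguish TCP, UDP, IP and ICMP variants.

```python
from collections import defaultdict

# Constructed events: (src_ip, dst_ip, dst_port, negative_reply), where
# negative_reply is True if a TCP RST or ICMP unreachable came back.
EVENTS = (
    # one host probing port 445 on five hosts, some closed ports answer
    [("198.51.100.7", f"192.168.1.{h}", 445, h % 2 == 0) for h in range(1, 6)]
    # three hosts splitting six ports on one target, nothing comes back
    + [(f"203.0.113.{1 + i % 3}", "192.168.1.50", p, False)
       for i, p in enumerate([21, 22, 23, 25, 80, 110])]
    # ordinary repeated HTTPS connection, should not alert
    + [("192.168.1.20", "192.168.1.10", 443, False)] * 2
)

def classify(events, threshold=4):
    """Return [(label, subject)] alerts; threshold is a hypothetical fan-out limit."""
    sweeps = defaultdict(list)  # (src, port) -> [(dst, negative_reply)]
    scans = defaultdict(list)   # dst -> [(src, port, negative_reply)]
    for src, dst, port, neg in events:
        sweeps[(src, port)].append((dst, neg))
        scans[dst].append((src, port, neg))

    alerts = []
    # Port sweep: one source, one port, many destination hosts.
    for key, hits in sweeps.items():
        if len({dst for dst, _ in hits}) >= threshold:
            alerts.append((_label("Portsweep", [n for _, n in hits]), key))
    # Port scan: many ports on one destination; "Distributed" when several
    # sources share the work (many-to-one).
    for dst, hits in scans.items():
        if len({port for _, port, _ in hits}) >= threshold:
            many = len({src for src, _, _ in hits}) > 1
            kind = "Distributed Portscan" if many else "Portscan"
            alerts.append((_label(kind, [n for _, _, n in hits]), dst))
    return alerts

def _label(kind, negative_replies):
    # "Filtered": no RST / ICMP unreachable seen for any probe in the group.
    return kind if any(negative_replies) else "Filtered " + kind

if __name__ == "__main__":
    for label, subject in classify(EVENTS):
        print(label, subject)
```

The repeated HTTPS connection in the sample produces no alert because it never exceeds the fan-out threshold in either direction; lowering the threshold too far is how ordinary NAT or proxy traffic ends up flagged.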