Cisco Packet Data Gateway (PDG)
ACS Configuration Mode Commands
Command Line Interface Reference, StarOS Release 18
firewall port-scan
This command allows you to configure Stateful Firewall’s Port Scan Detection algorithm.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration
active-charging service service_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-acs)#
Syntax
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage | inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout | scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } | inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
default
Configures this command with its default setting.
connection-attempt-success-percentage { non-scanner | scanner } percentage
Specifies the connection attempt success percentage.
non-scanner: Specifies the connection attempt success percentage for a non-scanner.
percentage must be an integer from 60 through 99.
Default: 70%
scanner: Specifies the connection attempt success percentage for a scanner.
percentage must be an integer from 1 through 40.
Default: 30%
inactivity-timeout inactivity_timeout
Specifies the port scan inactivity timeout period, in seconds.
inactivity_timeout must be an integer from 60 through 1800.
Default: 300 seconds
protocol { tcp | udp } response-timeout response_timeout
Specifies the transport protocol and the response-timeout period.