Справочник Пользователя для ZyXEL Communications 1000

Chapter 35 ADP

ZyWALL USG 1000 User’s Guide

Decoy port scans are scans where the attacker has spoofed the source address. 
These are some decoy scan types: 

• TCP  Decoy  Portscan
• UDP Decoy Portscan
• IP Decoy Portscan

Distributed port scans are many-to-one port scans. Distributed port scans occur 
when multiple hosts query one host for open services. This may be used to evade 
intrusion detection. These are distributed port scan types:

• TCP Distributed Portscan
• UDP Distributed Portscan
• IP Distributed Portscan

Many different connection attempts to the same port (service) may indicate a port 
sweep, that is, they are one-to-many port scans. One host scans a single port on 
multiple hosts. This may occur when a new exploit comes out and the attacker is 
looking for a specific service. These are some port sweep types:

• TCP Portsweep
• UDP Portsweep
• IP  Portsweep
• ICMP  Portsweep

A filtered port scan may indicate that there were no network errors (ICMP 
unreachables or TCP RSTs) or responses on closed ports have been suppressed. 
Active network devices, such as NAT routers, may trigger these alerts if they send 
out many connection attempts within a very small amount of time. These are 
some filtered port scan examples.  

• TCP Filtered 

Portscan

• UDP Filtered Portscan

• IP Filtered Portscan

• TCP Filtered Decoy 

Portscan

• UDP  Filtered  Decoy 

Portscan

• IP Filtered Decoy 

Portscan

• TCP Filtered 

Portsweep

• UDP Filtered Portsweep • IP Filtered Portsweep