Справочник Пользователя для Avira antivir professional 10
Reference: Configuration options
113
With a mouse click on the link you have the choice to add or not to add the rule to block
the TCP port scan attack.
UDP port scan
With this rule, you can define when a UDP port scan is assumed by the FireWall and
With this rule, you can define when a UDP port scan is assumed by the FireWall and
what should be done in this case. This rule prevents so-called UDP port scan attacks that
result in a detection of open UDP ports on your computer. This kind of attack is used to
search a computer for weak spots and is often followed by more dangerous attack types.
Predefined rules for the UDP port scan
Setting: Low
Setting: Medium
Setting: High
Assume a UDP port scan
if
if
50 or more ports were
scanned in
5,000
milliseconds.
When detected,
When detected,
log
attacker's IP and
don't
add rule to block the
attack.
Assume a UDP port scan
if
if
50 or more ports were
scanned in
5,000
milliseconds.
When detected,
When detected,
log
attacker's IP and
add rule
to block the attack.
Same rule as for medium
level.
Ports
With a mouse click on the link a dialog box appears in which you can enter the number of
ports that must have been scanned so that a UDP port scan is assumed.
Port scan time window
With a mouse click on this link a dialog box appears in which you can enter the time span
for a certain number of port scans, so that a UDP port scan is assumed.
Report file
With a mouse click on the link you have the choice to log or not to log the attacker's IP
address.
Rule
With a mouse click on the link you have the choice to add or not to add the rule to block
the UDP port scan attack.
12.5.2.1. Incoming Rules
Incoming rules are defined to control incoming data traffic by the Avira FireWall.
Note
Note
When a packet is filtered the corresponding rules are applied successively, therefore the
rule order is very important. Change the rule order only if you are completely aware of
what you are doing.
Predefined rules for the TCP data traffic data monitor
Setting: Low
Setting: Medium
Setting: High
No incoming data
traffic is blocked by
the Avira FireWall.
–
Allow established
TCP connections
on 135
–
Monitor
established TCP
data traffic