Chapter 22 ADP
NXC5200 User’s Guide
349
22.4 Technical Reference
This section is divided into traffic anomaly background information and protocol
anomaly background information.
Port Scanning
An attacker scans device(s) to determine what types of network protocols or
services a device supports. One of the most common port scanning tools in use
today is Nmap.
Many connection attempts to different ports (services) may indicate a port scan.
These are some port scan types:
• TCP Portscan
• UDP Portscan
• IP Portscan
An IP port scan searches not only for TCP, UDP and ICMP protocols in use by the
remote computer, but also additional IP protocols such as EGP (Exterior Gateway
Protocol) or IGP (Interior Gateway Protocol). Determining these additional
protocols can help reveal if the destination device is a workstation, a printer, or a
router.
Decoy Port Scans
Decoy port scans are scans where the attacker has spoofed the source address.
These are some decoy scan types:
• TCP Decoy Portscan
• UDP Decoy Portscan
• IP Decoy Portscan
Cancel
Click Cancel to return to the profile summary page without saving any
changes.
Save
Click Save to save the configuration to the NXC but remain in the same
page. You may then go to the another profile screen (tab) in order to
complete the profile. Click OK in the final profile screen to complete the
profile.
Table 127
Add/Edit Profile > Protocol Anomaly (continued)
LABEL
DESCRIPTION