Port scan excessive pings – Netopia 6.3 User Manual

24

Section 3

General

mentation information can also be exploited to create an illegally sized
packet. Unwary hosts will often crash when the illegal fragment corrupts
data outside of the “normal” packet bounds. The Cayman unit will detect
and discard illegal packet fragments, and the Security Monitoring software
logs the event.

Logged information includes:

Port Scan

Port scanning is the technique of probing to determine the list of TCP or
UDP ports on which a host, or in our case, a Gateway is providing services.
For example, the HTTP service is usually available on TCP port 80. Once
hackers have your port list, they can refine their attack by focusing atten-
tion on these ports. According to the TCP/IP/UDP standards, a host will
return an ICMP (Internet Control Message Protocol) message stating “port
unreachable” on all inactive ports. The Security Monitoring software moni-
tors these circumstances, and will log an alert if it appears the cause is the
result of someone running a port scan.

Logged information includes:

Excessive Pings

The PING (Packet InterNet Groper) Utility is used by hackers to identify
prospective targets that can be attacked. The Security Monitoring software
will record instances where the router itself is pinged by the same host
more than ten times.

Logged information includes:

IP source address

IP destination address

Number of attempts

Time at last attempt

Illegal packer size

Protocol type

IP source address

Time at last attempt

Number of ports scanned

Highest port

Lowest port

Port numbers of first 10 ports scanned

IP source address

IP destination address

Number of attempts

Time at last attempt