Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What triggers a port scan attack

0

0

Article ID: KB5106 KB Last Updated: 09 Jun 2010Version: 3.0
Summary:
What triggers a port scan attack
Symptoms:
There is a threshold setting in the WebUI, but no unit shown What triggers a port scan attack
Solution:

 
Port scanners try to connect to a remote host by attempting to connect to all ports on the host.  If the port scan responds to any of those attempts, it will create a log so that the hacker can investigate any holes to attack.
 
Host applications will usually listen on a small set of specific ports on TCP.  However, other ports on the server may also be active.  This is a definite vulnerability, and hackers will employ a port scan, and check for any unprotected port, and could launch an attack on the server using that unprotected port.
 
NetScreen includes an option to detect a port scan attempt, and block those packets.  NetScreen  internally logs the number of different ports from one remote source to one destination.  The port scan threshold is set to a default of 10 ports scanned per 5000 microseconds, which equates to 2000 ports/second.  Increasing the port scan threshold will increase the likelihood of a positive port scan detection. 
 

Here is the problem or goal:

  • What triggers a port scan attack

Problem Environment:

  • There is a threshold setting in the WebUI, but no unit shown

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-1000

Applicable ScreenOS:

  • 1.64
  • 1.65
  • 1.66
  • 2.00
  • 2.01
  • 2.10
  • 2.50
  • 2.6.0
  • 2.6.1
  • 2.7.1
  • 2.8.0
  • 3.0.0
  • 3.0.1
  • 3.0.2
  • 3.1.0


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search