Name:
portscan
Released Date:
Sep 11 2006
Severity:
critical

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description

It indicates the system is likely under Port Scan attack.

A port scan attack is one of the most common and most well understood techniques for discovering and mapping services that are listening on a specified port on a target host. It is typically used by attackers? reconnaissance and scanning activities to gather information about the target so as to plan the attack approach.

There are mainly three specific and differentiated ways in port scanning techniques, open scanning, half-open scanning, and stealth scanning. Each of these techniques allows an attacker to collect ports information a target host.

Open scanning involves opening a full connection to a target host using a typical three-way TCP/IP handshake; Half-open scanning refers to the method that an attacker terminates the connection before the three-way handshake is completed; Stealth scanning includes the scanning methods that manipulate TCP reserved flags (URG, ACK, PSH, RST, SYN, FIN).
 
Impact
The target system is facing potential attacks.
 
Affected Products
Any unprotected system that is connected to the Internet is vulnerable to the attack.
Aliases
portscan
References
http://www.sys-security.com/archive/papers/Network_Scanning_Techniques.pdf
Recommended Actions

If a FortiGate with FortiOS 2.80 or above is used to protect the network, select Clear Session as the default action for this signature.

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED