ZyXEL Communications ISG50-ISDN User Manual page 422

Integrated service gateway

Chapter 26 ADP
Decoy Port Scans
Decoy port scans are scans where the attacker has spoofed the source address. These are some
decoy scan types:
• TCP Decoy Portscan
• UDP Decoy Portscan
• IP Decoy Portscan
Distributed Port Scans
Distributed port scans are many-to-one port scans. Distributed port scans occur when multiple
hosts query one host for open services. This may be used to evade intrusion detection. These are
distributed port scan types:
• TCP Distributed Portscan
• UDP Distributed Portscan
• IP Distributed Portscan
Port Sweeps
Many connection attempts to the same port (service) on different hosts may indicate a port sweep,
that is, a one-to-many port scan: one host scans a single port on multiple hosts. This may occur
when a new exploit comes out and the attacker is looking for a specific service. These are some
port sweep types:
• TCP Portsweep
• UDP Portsweep
• IP Portsweep
• ICMP Portsweep
Filtered Port Scans
A filtered port scan may indicate that there were no network errors (ICMP unreachables or TCP
RSTs) or that responses on closed ports have been suppressed. Active network devices, such as NAT
routers, may trigger these alerts if they send out many connection attempts within a very small
amount of time. These are some filtered port scan examples:
• TCP Filtered Portscan
• TCP Filtered Decoy Portscan
• TCP Filtered Portsweep
• TCP Filtered Distributed Portscan
• UDP Filtered Portscan
• UDP Filtered Decoy Portscan
• UDP Filtered Portsweep
• UDP Filtered Distributed Portscan
• IP Filtered Portscan
• IP Filtered Decoy Portscan
• IP Filtered Portsweep
• IP Filtered Distributed Portscan
• ICMP Filtered Portsweep
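The distinctions above (one-to-many sweep, many-to-one distributed scan, and the "filtered" prefix when no ICMP unreachables or TCP RSTs are seen) can be illustrated with the following added Python example, which is not ZyXEL's ADP implementation. The record format, the threshold of 3 and the function names are assumptions made for this example, and the protocol (TCP/UDP/IP/ICMP) is left out for brevity.

```python
from collections import defaultdict

# Constructed sample records, not device logs:
# (src_ip, dst_ip, dst_port, error_reply), where error_reply is True when a
# TCP RST or ICMP unreachable came back for that connection attempt.
EVENTS = [
    ("198.51.100.7", "192.0.2.10", 22, True),
    ("198.51.100.7", "192.0.2.11", 22, True),
    ("198.51.100.7", "192.0.2.12", 22, False),
    ("203.0.113.1", "192.0.2.20", 21, False),
    ("203.0.113.2", "192.0.2.20", 23, False),
    ("203.0.113.3", "192.0.2.20", 80, False),
    ("203.0.113.9", "192.0.2.30", 443, True),
]


def _label(kind, error_flags):
    # "Filtered": no error reply was seen for any attempt in the group.
    return kind if any(error_flags) else f"Filtered {kind}"


def classify(events, threshold=3):
    """Return sorted (alert_name, key) pairs; threshold is an assumed value."""
    sweep = defaultdict(list)   # (src, port) -> [(dst, error_reply)]
    target = defaultdict(list)  # dst -> [(src, port, error_reply)]
    for src, dst, port, err in events:
        sweep[(src, port)].append((dst, err))
        target[dst].append((src, port, err))

    alerts = []
    # Port sweep (one-to-many): one source, one port, many destination hosts.
    for (src, port), hits in sweep.items():
        if len({dst for dst, _ in hits}) >= threshold:
            name = _label("Portsweep", [e for _, e in hits])
            alerts.append((name, f"{src}:{port}"))
    # Distributed scan (many-to-one): several sources, many ports, one host.
    for dst, hits in target.items():
        sources = {s for s, _, _ in hits}
        ports = {p for _, p, _ in hits}
        if len(sources) > 1 and len(ports) >= threshold:
            name = _label("Distributed Portscan", [e for _, _, e in hits])
            alerts.append((name, dst))
    return sorted(alerts)


if __name__ == "__main__":
    for name, key in classify(EVENTS):
        print(f"{name}: {key}")
```

Decoy scans are not classified here because a spoofed source address cannot be recognized from these fields alone.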
ISG50 User's Guide

This manual is also suitable for:

Isg50