Protection Against Port Scanning - Cisco ASR 5000 series Product Overview


Cisco ASR 5000 Series Product Overview, OL-22938-02
Personal Stateful Firewall Overview
Supported Features

UDP-based Attacks:
- Invalid UDP echo response
- Invalid UDP packet length
- UDP checksum errors
- Short UDP header length
- UDP flood attack — Detected only in downlink direction

ICMP-based Attacks:
- Invalid ICMP response
- ICMP reply error
- Invalid ICMP type packet
- ICMP error message replay attacks
- ICMP packets with duplicate sequence number
- Short ICMP header length
- Invalid ICMP packet length
- ICMP flood attack — Detected only in downlink direction
- Ping of death attacks
- ICMP checksum errors
- ICMP packets with destination unreachable message

Other DoS Attacks:
- Port-scan attacks — Detected only in downlink direction

Protection against Port Scanning

Port scanning is a technique used to determine the states of TCP/UDP ports on a network host, and to map out hosts on
a network. Essentially, a port scan consists of sending a message to each port on the host, one at a time. The kind of
response received indicates whether the port is in use and can therefore be probed further for weaknesses. In this way,
hackers find potential weaknesses that can be exploited.

Stateful Firewall provides protection against port scanning by implementing port scan detection algorithms. Port-scan
attacks are detected only in the downlink direction, that is, in traffic from the external network towards mobile
subscribers.

Application-level Gateway Support

A stateful firewall, while ensuring that only legitimate connections are allowed, also maintains the state of each
allowed connection. Some network applications require additional connections to be opened in either direction, and
information about such connections is sent in the application payload. For these applications to work properly, a
stateful firewall must inspect, analyze, and parse these application payloads to get the additional connection
information, and open partial connections/pinholes in the firewall to allow the connections.
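
The application-level gateway behaviour described above, as an added example that is not taken from the Cisco document or product code. It assumes FTP active mode as the application (the text names none), where the client announces its data port in a PORT command and the server then connects back in the downlink direction. parse_port, PinholeTable, the 30-second lifetime and the sample addresses are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# FTP active-mode command "PORT h1,h2,h3,h4,p1,p2" (RFC 959); FTP is an assumed application.
PORT_RE = re.compile(rb"^PORT (\d{1,3})" + rb",(\d{1,3})" * 5 + rb"\r?\n\Z", re.IGNORECASE)

def parse_port(payload, client_ip):
    """Return the data port announced on the control channel, or None if rejected."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    announced = ".".join(map(str, nums[:4]))
    port = nums[4] * 256 + nums[5]
    # Open a pinhole only towards the host that owns the control connection,
    # and never towards a well-known port.
    if ipaddress.ip_address(announced) != ipaddress.ip_address(client_ip) or port < 1024:
        return None
    return port

class PinholeTable:
    """Partial connections: the server's source port is unknown, so it is not part of the key."""
    def __init__(self, ttl=30.0):  # lifetime in seconds, an assumed value
        self.ttl = ttl
        self.holes = {}  # (server_ip, client_ip, client_port) -> expiry time

    def on_control_payload(self, client_ip, server_ip, payload, now):
        port = parse_port(payload, client_ip)
        if port is not None:
            self.holes[(server_ip, client_ip, port)] = now + self.ttl
        return port

    def allow_inbound(self, src_ip, dst_ip, dst_port, now):
        """Admit a new downlink connection once, and only before the pinhole expires."""
        expiry = self.holes.pop((src_ip, dst_ip, dst_port), None)
        return expiry is not None and now <= expiry

def demo():
    # Constructed sample traffic using documentation address ranges.
    t, sub, srv = PinholeTable(), "192.0.2.10", "198.51.100.5"
    ok = t.on_control_payload(sub, srv, b"PORT 192,0,2,10,195,80\r\n", now=0.0)
    bad = t.on_control_payload(sub, srv, b"PORT 203,0,113,9,195,81\r\n", now=0.0)
    return [ok, bad,
            t.allow_inbound("203.0.113.9", sub, 50000, now=1.0),  # not the FTP server
            t.allow_inbound(srv, sub, 50000, now=1.0),            # matches the pinhole
            t.allow_inbound(srv, sub, 50000, now=2.0)]            # pinhole already used
```
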
