Table A-1 6.x to 7.0 Keyword Mapping (continued)

6.x Keyword: PERF_STATS
7.0 XML Attribute: NSC/PerformanceReport
Description: Instructs the sensor to report performance data to the dragon.log file.
Technical Note: This must be used in conjunction with "NSC/PerformanceReport/packets" on page A-32 which defines the number of packets to analyze, or the "NSC/PerformanceReport/seconds" on page A-32 which specifies a time interval to inspect.

6.x Keyword: PORTZERO
7.0 XML Attribute: NSC/SC/C/TransportLayer/port-zero
Description: Configures Network Sensor to log any TCP or UDP packet with a source or destination port of zero. Such packets may be the result of NAT devices, busy DNS servers and a variety of hacker scanning and probing attacks. These events are labeled [PORT-ZERO]. Some tools send TCP packets to port zero in an effort to identify the type of operating system based on the response from such a query. Not every operating system responds on port zero the same way. These tools can keep a database of unique responses for each operating system, then determine the remote type with one or two packet probes.
Technical Note: This alert ignores fragments.
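
The PORTZERO check described above, written out as an added example (this is not the sensor's own code). It inspects raw IPv4 packets, skips fragments, and flags TCP or UDP packets with a source or destination port of zero. The function names, the event string layout after the [PORT-ZERO] label, and the sample packets are assumptions constructed for illustration.

```python
import struct

def build_packet(proto, sport, dport, frag_field=0):
    """Constructed sample: 20-byte IPv4 header plus the two transport port fields."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 1, frag_field, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + struct.pack("!HH", sport, dport)

def port_zero_event(packet):
    """Return a '[PORT-ZERO] ...' string for a port-zero TCP/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not a complete IPv4 header
    ihl = (packet[0] & 0x0F) * 4         # header length in bytes, IP options included
    if ihl < 20 or len(packet) < ihl + 4:
        return None                      # malformed or truncated before the ports
    frag_field = struct.unpack_from("!H", packet, 6)[0]
    # Assumption: "ignores fragments" means any packet with More Fragments set
    # or a non-zero offset is skipped. Non-first fragments carry no transport
    # header, so the bytes after the IP header would not be ports anyway.
    if frag_field & 0x2000 or frag_field & 0x1FFF:
        return None
    proto = packet[9]
    if proto not in (6, 17):             # only TCP (6) and UDP (17) have ports
        return None
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    if sport != 0 and dport != 0:
        return None
    name = "TCP" if proto == 6 else "UDP"
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return f"[PORT-ZERO] {name} {src}:{sport} -> {dst}:{dport}"

if __name__ == "__main__":
    samples = [
        build_packet(6, 40000, 0),            # TCP probe to destination port 0
        build_packet(17, 0, 53),              # UDP with source port 0
        build_packet(6, 40000, 443),          # ordinary traffic
        build_packet(17, 0, 0, 0x2000),       # first fragment (MF set): skipped
        build_packet(6, 0, 80, 0x4000),       # Don't Fragment set is not a fragment
    ]
    for pkt in samples:
        print(port_zero_event(pkt))
```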
Creating Network Sensor Policies and Signatures A-33
6.x to 7.x Mappings