The principle that the IP address of USG firewall scanning attack prevention

Publication Date:  2012-09-12 Views:  225 Downloads:  0
Issue Description
Currently, the computer that infects worm virus send a large number of UDP、ICMP or TCP to the other computer automatically to confirm which target system is alive actually and connects to the internet, and then launchs cyber attacks 
Alarm Information
Handling Process
After configuring IP address scanning attack prevention, the device detects the received TCP, UDP, ICMP. If the source IP address of the received message is same, but the destination IP address is different, then add one count to the source IP exception count, it is considered the source IP user is scanning IP address attack when the abnormal frequency exceeds the predefined limen number  
Root Cause