Port Scan

An attacker can perform a port scan to determine whether ports are open and vulnerable to an attack. This is most commonly done by attempting to access a port and waiting for a response. The response indicates whether or not the port is open.

This category includes the following types of port scans:

You can configure how the Safe@Office appliance should react when a port scan is detected.

Port Scan Fields

In this field…

Do this…

Number of ports accessed

SmartDefense detects port scans by measuring the number of ports accessed over a period of time. The number of ports accessed must exceed the Number of ports accessed value, within the number of seconds specified by the In a period of [seconds] value, in order for SmartDefense to consider the activity a scan.

Type the minimum number of ports that must be accessed within the In a period of [seconds] period, in order for SmartDefense to detect the activity as a port scan.

For example, if this value is 30, and 40 ports are accessed within a specified period of time, SmartDefense will detect the activity as a port scan.

For Host Port Scan, the default value is 30. For Sweep Scan, the default value is 50.

In a period of [seconds]

SmartDefense detects port scans by measuring the number of ports accessed over a period of time. The number of ports accessed must exceed the Number of ports accessed value, within the number of seconds specified by the In a period of [seconds] value, in order for SmartDefense to consider the activity a scan.

Type the maximum number of seconds that can elapse, during which the Number of ports accessed threshold is exceeded, in order for SmartDefense to detect the activity as a port scan.

For example, if this value is 20, and the Number of ports accessed threshold is exceeded within 15 seconds, SmartDefense will detect the activity as a port scan. If the threshold is exceeded only after 30 seconds, SmartDefense will not detect the activity as a port scan.

The default value is 20 seconds.

Track

Specify whether to issue logs for scans, by selecting one of the following:

  • Log. Issue logs. This is the default.
  • None. Do not issue logs. This is the default.

Detect scans from Internet only

Specify whether to detect only scans originating from the Internet, by selecting one of the following:

  • False. Detect scans from any source, not only scans from the Internet. This is the default.
  • True. Detect only scans from the Internet.
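
The interaction between Number of ports accessed and In a period of [seconds] can be illustrated with a sliding-window count over connection events. This Python sketch is an added example, not SmartDefense or Check Point code; grouping by source and destination address, the event tuple layout, the names detect_scans and sample_events, and the sample addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

def detect_scans(events, max_ports=30, period=20):
    """Flag a source that touches MORE THAN max_ports distinct ports on one
    destination within `period` seconds (defaults mirror the page's values).

    events: (timestamp_seconds, src_ip, dst_ip, dst_port) tuples sorted by time.
    Returns one (time, src, dst, distinct_ports) alert per first crossing.
    """
    windows = defaultdict(deque)  # (src, dst) -> (ts, port) pairs still in the window
    flagged = set()
    alerts = []
    for ts, src, dst, port in events:
        win = windows[(src, dst)]
        win.append((ts, port))
        # Expire accesses that fell out of the measurement period.
        while ts - win[0][0] > period:
            win.popleft()
        # Count distinct ports so retries to one port do not inflate the total.
        distinct = len({p for _, p in win})
        if distinct > max_ports and (src, dst) not in flagged:
            flagged.add((src, dst))
            alerts.append((ts, src, dst, distinct))
    return alerts

def sample_events():
    """Constructed traffic: a fast scan, a slow scan and an ordinary client."""
    ev = []
    for i in range(40):
        ev.append((i * 0.375, "198.51.100.7", "192.0.2.10", 1000 + i))  # 40 ports in ~15 s
        ev.append((i * 1.0, "198.51.100.8", "192.0.2.10", 2000 + i))    # 40 ports in ~39 s
        ev.append((i * 0.5, "203.0.113.5", "192.0.2.10", 443))          # one port, repeated
    return sorted(ev)

if __name__ == "__main__":
    # Defaults: only the fast scan crosses 30 ports inside a 20-second window.
    print(detect_scans(sample_events()))
    # A lower port threshold also catches the slower scan.
    print(detect_scans(sample_events(), max_ports=20))
```

The slow scan touches the same number of ports as the fast one but never has more than 21 of them inside any 20-second window, which is why lowering the port count or lengthening the period changes what is detected.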
