User manual
Reference: Configuration options
95
add rule to block the
attack.
to block the attack.
Ports
With a mouse click on the link a dialog box appears in which you can enter the number of
ports that must have been scanned so that a UDP port scan is assumed.
Port scan time window
With a mouse click on this link a dialog box appears in which you can enter the time span
for a certain number of port scans, so that a UDP port scan is assumed.
Report file
With a mouse click on the link you have the choice to log or not to log the attacker's IP
address.
Rule
With a mouse click on the link you have the choice to add or not to add the rule to block
the UDP port scan attack.
13.4.1.1. Incoming Rules
Incoming rules are defined to control incoming data traffic by the Avira FireWall.
Note
When a packet is filtered the corresponding rules are applied successively, therefore the
rule order is very important. Change the rule order only if you are completely aware of
what you are doing.
Predefined rules for the TCP data traffic data monitor
Setting: Low Setting: Medium Setting: High
No incoming data
traffic is blocked by
the Avira FireWall.
– Allow established
TCP connections
on 135
Allow TCP
packets from
address 0.0.0.0
with mask
0.0.0.0 if local
ports in {135}
and remote ports
in {0-65535}.
Apply forpackets
of existing
connections.
Don't log when
packet matches
rule.
Advanced:
Discard packets
that have
following bytes
– Monitor
established TCP
data traffic
Allow TCP
packets from
address 0.0.0.0
with mask
0.0.0.0 if local
ports in {0-
65535} and
remote ports in
{0-65535}.
Apply forpackets
of existing
connections.
Don't log when
packet matches
rule.
Advanced:
Discard packets
that have