TMS zl Management and Configuration Guide ST.1.0.090213
Intrusion Detection and Prevention
Threat Detection and Prevention
Reconnaissance Detection
When looking for reconnaissance attacks, the TMS zl Module inspects packet
headers for irregularities.
The TMS zl Module can detect reconnaissance probes such as port scans and OS
fingerprinting probes. The IDS can detect the following scans by default:
■ TCP SYN
■ TCP FIN
■ TCP ACK
■ UDP
■ IP protocol
■ TCP null flag
■ Ping
The TMS zl Module detects a scan when it receives sixty packets of the same
type within one second.
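The threshold rule above, sketched as an added example (not code from the TMS zl Module or this guide). It assumes packets are counted per source address over a sliding one-second window, matches on header fields only, and leaves out the IP protocol scan; the function names and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 60    # packets of the same type (value from the guide)
WINDOW_MS = 1000  # one second (value from the guide)
FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

def classify(proto, flags=0):
    """Map header fields to one of the listed scan types, or None."""
    if proto == "tcp":
        # Header-only match on the exact flag byte; no connection state is kept.
        return {0: "TCP null flag", SYN: "TCP SYN",
                FIN: "TCP FIN", ACK: "TCP ACK"}.get(flags)
    return {"udp": "UDP", "icmp-echo": "Ping"}.get(proto)

def detect_scans(packets):
    """packets: (ms, src, proto, flags) tuples in time order.
    Returns one (ms, src, scan_type) alert per source and type."""
    windows = defaultdict(deque)  # (src, type) -> timestamps in the last second
    alerted, alerts = set(), []
    for ms, src, proto, flags in packets:
        kind = classify(proto, flags)
        if kind is None:
            continue
        key = (src, kind)  # assumption: packets are counted per source address
        q = windows[key]
        q.append(ms)
        while ms - q[0] >= WINDOW_MS:  # drop packets older than one second
            q.popleft()
        if len(q) >= THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append((ms, src, kind))
    return alerts

def sample_packets():
    """Constructed traffic: one fast SYN sweep, one slow one, a few FINs."""
    fast = [(i * 10, "192.0.2.10", "tcp", SYN) for i in range(60)]
    slow = [(i * 20, "198.51.100.7", "tcp", SYN) for i in range(60)]
    fins = [(i * 100, "203.0.113.5", "tcp", FIN) for i in range(5)]
    return sorted(fast + slow + fins)

if __name__ == "__main__":
    for alert in detect_scans(sample_packets()):
        print(alert)
```

Only the source that sends sixty SYN packets inside one second raises an alert; the same sixty packets spread over a longer interval stay under the threshold.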
TCP SYN Scan
In this scan, the attacker attempts to discover which TCP ports are open on a
host by sending a synchronize (SYN) packet to a particular port.
Figure 6-4. TCP SYN Attack, Closed Port
If the port is closed, the host returns a reset (RST) packet.