User Manual
User Manual
User Manual
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Outgoing blocked types: no types/several types<br />
Reference: Configuration options<br />
With a mouse click on the link a list of ICMP packet types is displayed. From this list<br />
you can select the desired outgoing ICMP message types you want to block.<br />
Flooding<br />
With a mouse click on the link, a dialog box is displayed where you can enter the<br />
maximum allowed ICMPA delay.<br />
Fragmented ICMP packets<br />
With a mouse click on the link, you have the choice to reject or not to reject<br />
fragmented ICMP packets.<br />
TCP port scan<br />
With this rule, you can define when a TCP port scan is assumed by the FireWall and what<br />
should be done in this case. This rule serves for preventing so-called TCP port scan<br />
attacks that result in a detection of open TCP ports on your computer. This kind of attack is<br />
used to search a computer for weak spots and is often followed by more dangerous attack<br />
types.<br />
Predefined rules for the TCP port scan<br />
Setting Rules<br />
Low Assume a TCP port scan if 50 or more ports were<br />
scanned in 5,000 milliseconds.<br />
When detected, log attacker's IP and don't add rule<br />
to block the attack.<br />
Medium Assume a TCP port scan if 50 or more ports were<br />
scanned in 5,000 milliseconds.<br />
When detected, log attacker's IP and add rule to<br />
block the attack.<br />
High Same rule as for medium level.<br />
Ports<br />
With a mouse click on the link a dialog box appears in which you can enter the number<br />
of ports that must have been scanned so that a TCP port scan is assumed.<br />
Port scan time window<br />
With a mouse click on this link a dialog box appears in which you can enter the time<br />
span for a certain number of port scans, so that a TCP port scan is assumed.<br />
Avira Professional Security - <strong>User</strong> <strong>Manual</strong> (Status: 30 Mar. 2012) 146