
IDS rule for NMAP or other scanners

Hello Community!

Do we have IDS signatures for port scanners like Nmap? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while scanning some services, etc.

Also, can someone explain to me what source and destination mean in the DDoS settings? The docs I have found aren't helpful:

docs.sophos.com/.../DOSAttacksReport.html



  • Hello!

    Sophos XG doesn't support blocking port scanners. I recommend you vote on the current Feature Request here.

    Also, can someone explain to me what source and destination mean in the DDoS settings? The docs I have found aren't helpful:

    I think I'm wrong on this one; either way, there aren't a lot of reasons to use DoS Protection on the firewall. DDoS attacks should be handled by the upstream provider or routers.

    Source = Incoming Traffic.

    Destination = Outgoing Traffic.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • Every time I'm asking about some CRUCIAL features from a security perspective, I've got an answer "a roadmap" :D So that's a pity that I can't block most scans from outside of the network (WAN). But regarding DDoS - I totally agree with ya, but I haven't found any useful information (explanation) in the docs, that's why I'm asking. Btw, if I set Source:

    Let's say I try to ping 1.1.1.1, then I can get:

    I've also thought that "Source is from WAN", but I'm not sure regarding the test which I'm getting results of.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • The Source isn't the WAN; the Source & Destination depend on the flow of the traffic.

    If your computer is doing a ping to 1.1.1.1, then your computer is the Source, and 1.1.1.1 is the destination.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home

  • Hm... then I'm wrong. I thought that I could control how some service can reach (ping) me from WAN and how many requests can be responded to.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb