
IDS rule for NMAP or other scanners

Hello Community!

Do we have IDS signatures for port scanners like Nmap? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while scanning some services, etc.

Also, can someone explain to me what source and destination mean in the DDOS settings? The docs which I have found aren't helpful:

docs.sophos.com/.../DOSAttacksReport.html



  • Hello!

    Sophos XG doesn't support blocking port scanners. I recommend you vote on the current Feature Request here.

    Also, can someone explain to me what source and destination mean in the DDOS settings? The docs which I have found aren't helpful:

    I think I'm wrong on this one; either way, there aren't a lot of reasons to use DoS Protection on the firewall. DDoS attacks should be handled by the upstream provider or routers.

    Source = Incoming Traffic.

    Destination = Outgoing Traffic.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v20 GA @ Home

    XG 115w Rev.3 8GB RAM v19.5 MR3 @ Travel Firewall
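As an added illustration (not part of the thread and not Sophos code), this sketch shows the logic a port-scan signature typically relies on: count how many distinct destination ports one source touches in a short window, and note the TCP flag pattern of the probes. The packet tuples, addresses, thresholds and function names are constructed assumptions, and the input is assumed to be unsolicited inbound TCP packets only.

```python
from collections import defaultdict, deque

# Constructed sample: (time_s, src_ip, dst_ip, dst_port, tcp_flags).
# Addresses are RFC 5737 documentation ranges, not values from the thread.
PACKETS = (
    [(0.1 * i, "198.51.100.7", "203.0.113.10", p, "SYN")
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080])]
    + [(2.0 + 0.1 * i, "198.51.100.9", "203.0.113.10", p, "FIN")
       for i, p in enumerate([22, 80, 443, 445, 993, 3306])]
    # One client sending many packets to a single port: busy, but not a scan.
    + [(float(i), "192.0.2.50", "203.0.113.10", 443, "SYN") for i in range(20)]
)

# Flag sets on an unsolicited packet that look like a probe, not a session.
PROBE_STYLES = {
    frozenset({"SYN"}): "syn",
    frozenset({"FIN"}): "fin",
    frozenset({"ACK"}): "ack",
    frozenset(): "null",
    frozenset({"FIN", "PSH", "URG"}): "xmas",
}

def probe_style(flags):
    """Map a 'SYN|ACK'-style flag string to a probe label."""
    return PROBE_STYLES.get(frozenset(f for f in flags.split("|") if f), "other")

def detect_scanners(packets, window_s=5.0, min_ports=5):
    """Return {src_ip: {"ports": n, "styles": [...]}} for every source that
    touches at least min_ports distinct (dst_ip, dst_port) pairs in window_s."""
    recent = defaultdict(deque)  # src -> deque of (time, target, style)
    alerts = {}
    for t, src, dst, port, flags in sorted(packets):
        q = recent[src]  # keyed on the sender of the packet, i.e. the source
        q.append((t, (dst, port), probe_style(flags)))
        while q and t - q[0][0] > window_s:
            q.popleft()  # drop observations that fell out of the window
        targets = {target for _, target, _ in q}
        best = alerts.get(src, {"ports": 0})["ports"]
        if len(targets) >= min_ports and len(targets) > best:
            alerts[src] = {"ports": len(targets),
                           "styles": sorted({s for _, _, s in q})}
    return alerts

if __name__ == "__main__":
    for src, info in detect_scanners(PACKETS).items():
        print(src, info)
```

The third sender in the sample shows why a packet-rate limit and a scan signature are different checks: it sends the most packets but only ever reaches one port, so it is never reported.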

  • Every time I'm asking about some CRUCIAL features from a security perspective I've got the answer "a roadmap" :D So it's a pity that I can't block most scans from outside of the network (WAN). But regarding DDOS, I totally agree with you, but I haven't found any useful information (explanation) in the docs; that's why I'm asking. Btw, if I set Source:

    Let's say I try to ping 1.1.1.1, then I can get:

    I also thought that "Source is from WAN", but I'm not sure regarding the test results I'm getting.

    __________SETUP___________

    HP Small Form Factor:  i5 4Cores, 8Gb of RAM.
    Intel Network Card 5x Eth
    SSD: 256Gb

  • The Source isn't the WAN. The Source & Destination depend on the flow of the traffic.

    If your computer is doing a ping to 1.1.1.1, then your computer is the Source, and 1.1.1.1 is the Destination.



  • Hm... then I'm wrong. I thought that I could control how some service can reach (ping) me from the WAN and how many requests can be responded to.
