| Parameter | Description | Value |
|---|---|---|
| source-ip ip-address | Specifies the source IP address that initiates port scanning. |
The value is in dotted decimal notation. |
Based on the port scanning conditions, you can set a more precise port scanning threshold.
If the rate of a source IP address is lower than the threshold but the number value is large, a patient hacker may be using this address.
# Display port scanning conditions.
<FW> display deception syn-connect -------------------------------------------------------------------------------- Current total number = 2 -------------------------------------------------------------------------------- source rate(num/s) number vlan vpn-instance -------------------------------------------------------------------------------- 1.1.1.1 4 231 0 public 1.1.1.2 1 280 0 public --------------------------------------------------------------------------------
Item |
Description |
|---|---|
source |
Source IP address that initiates port scanning |
rate(num/s) |
Port scanning rate, in "times per second" |
number |
Number of port scanning times |
vlan |
VLAN to which the IP address belongs |
vpn-instance |
VPN instance of the IP address |