Reconnaissance
Reconnaissance attacks are attempts to gather information about the network environment before launching a large DDoS attack or another type of attack. Techniques include port scanning and probing for version and author information. These attacks exhibit abnormal behavior patterns that, if identified, can provide early warnings.
The following table lists the auto rules that are used to mitigate reconnaissance attacks on your advanced appliance.
You can configure the following rule parameter for all rules in this category:
- Events per second: The number of events logged per second for the rule. Setting the value to 0 (zero) stops the appliance from logging events for the rule. The default value is 10.
Rule ID | Rule Type | Rule Name | Description | Enable Condition | Parameters | Comments |
---|---|---|---|---|---|---|
110100100 | Auto | EARLY DROP DNS named author attempts | This rule drops UDP DNS packets that contain attempts to find AUTHOR information. | Always enabled. | Events per second (default = 1) | |
110100200 | Auto | EARLY DROP DNS named version attempts | This rule drops UDP DNS packets that contain attempts to find VERSION information. | Always enabled. | Events per second (default = 1) | |