Configuring UDP Port Scan Attack Screen
This topic describes how to configure detection of a UDP port scan attack.
These attacks scan the target IP addresses for open, listening, or responsive services by targeting multiple protocols or ports on one or more target IP addresses using obvious (sequentially numbered) patterns of the target protocol or port numbers. The patterns are derived by randomizing the protocol or port numbers and randomizing the time delays between the transmissions.
Configure the security screen option and attach it to the untrustZone as follows:
[edit]
user@host# set security screen ids-option untrustScreen udp port-scan
user@host# set security screen ids-option untrustScreen alarm-without-drop
user@host# set security zones security-zone untrustZone screen untrustScreen
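
The following Python sketch is an added example, not Juniper code and not part of the original topic. It models a threshold-based UDP port-scan screen to show what the alarm-without-drop statement changes: the same alarms are raised, but flagged packets are still forwarded. The detection rule (10 distinct destination ports from one source within 5000 microseconds), the class and function names, and the sample traffic are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Assumed rule for illustration (not stated on the page): a source is flagged
# once it has sent UDP packets to PORT_LIMIT distinct destination ports
# within WINDOW_US microseconds.
PORT_LIMIT = 10
WINDOW_US = 5000


class UdpPortScanScreen:
    """Toy model of a per-source UDP port-scan screen (hypothetical names)."""

    def __init__(self, alarm_without_drop=False):
        self.alarm_without_drop = alarm_without_drop
        self.recent = defaultdict(deque)  # source -> deque of (time_us, dst_port)
        self.alarms = 0

    def handle(self, time_us, src, dst_port):
        """Return 'forward' or 'drop' for one UDP packet."""
        q = self.recent[src]
        q.append((time_us, dst_port))
        # Expire packets that have fallen out of the sliding window.
        while q and time_us - q[0][0] > WINDOW_US:
            q.popleft()
        distinct_ports = {port for _, port in q}
        if len(distinct_ports) < PORT_LIMIT:
            return "forward"
        self.alarms += 1
        # alarm-without-drop: count the event but let the packet through.
        return "forward" if self.alarm_without_drop else "drop"


def run(packets, alarm_without_drop):
    """Feed packets through a fresh screen; return (alarms, dropped packets)."""
    screen = UdpPortScanScreen(alarm_without_drop)
    verdicts = [screen.handle(*p) for p in packets]
    return screen.alarms, verdicts.count("drop")


# Constructed sample traffic: (time_us, source, destination UDP port).
SEQUENTIAL = [(i * 100, "198.51.100.7", 1000 + i) for i in range(12)]
SHUFFLED = [(i * 100, "198.51.100.8", p) for i, p in enumerate(
    [53, 4500, 161, 123, 69, 514, 1900, 500, 137, 5353, 67, 111])]
DNS_CLIENT = [(i * 100, "192.0.2.10", 53) for i in range(12)]

if __name__ == "__main__":
    for name, pkts in [("sequential", SEQUENTIAL), ("shuffled", SHUFFLED),
                       ("dns client", DNS_CLIENT)]:
        print(name, "alarm-only:", run(pkts, True), "drop:", run(pkts, False))
```

Because the model counts distinct ports per source, sequential and shuffled port orders are flagged identically, while a client that keeps sending to a single port never is.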