Will you get all the information you need from these actions?

You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user’s system is infected with a worm. Will you get all the information you need from these actions?

You enable Sweep Scan Protection and Host port scan in IPS to determine if a large amount of traffic from a specific internal IP address is a network attack, or a user’s system is infected with a worm. Will you get all the information you need from these actions?

A.
Yes. IPS will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.

B.
No. These IPS protections will only block the traffic, but it will not provide a detailed analysis of the traffic.

C.
No. To verify if this is a worm or an active attack, you must also enable TCP attack defenses.

D.
No. The logs and alert can provide some level of information, but determining whether the attack is intentional or a worm, requires further research.



Leave a Reply 0

Your email address will not be published. Required fields are marked *