Scan and sweep filters constantly analyze traffic across several sessions and
packets against potential scan and sweep attacks against a network. As a result, the
Block
action setting functions differently for these filters. If the Block action is configured
with
TCP Reset functions, the TCP Reset does not occur as the network traffic is not tied
to a
single network flow.
In addition, a Block action will cause the source address to be blocked in future
network flows.
Scan and sweep filters are not affected by restrictions and exceptions in the
shared settings for Application Protection filters. When you create exceptions and
apply-only
settings in the shared settings, they only affect Vulnerability Probing filters.
Attackers may try to scan a network for available ports or try to infiltrate a
host system through its ports and software. These attacks provide entry points for
introducing
malicious code to further enact attacks through your host and ports. Scan and sweep
attacks
can consist of multiple probe attacks in large amounts, sending numerous requests
for access
and information at once. Scans and sweeps filters protect against scan attacks and
possible
exceeded threshold limits against your ports and hosts.