The Attack Detection plug-in informs you of a possible attack on your computer from the Internet or the network your computer is connected to.
The Outpost Attack Detection Plug-in consists of two parts:
Outpost Scanning Detection module.
Outpost Attack Detection module.
The Outpost Attack Detection module detects and blocks the following attacks-also called exploits or Denial Of Service (DOS) attacks: Teardrop, Nestea, Iceping, Moyari13, Winnuke, Nuke, FRAG_ICMP Class (Jol12, Targa13 and other), FRAG_IGMP Class (IGMPSYN and other), SHORT_FRAGMENTS Class, MY_ADDRESS Class (Snork and others), Rst, 1234, Fawx, Fawx2, Kox, Tidcmp, Rfposion, Rfparalyse and Win95handles.
The Outpost Attack Detection module can also detect and neutralize simple distributed DOS attacks.
The Outpost Scanning Detection module can detect simple TCP and UDP port scanning as well as the following types of stealth scanning: Syn, Fin, Xmas, Null, Udp. If Outpost detects a suspicious packet, it displays the "Connection request" message in its log file. "Port Scanning" is another intrusion indicator that is detected if several suspicious packets are received from one remote host within a specified time interval.
The following topics describe how to set-up the Attack Detection plug-in: