Network Attack Blocker
Kaspersky Security Cloud protects your computer against network attacks.
A network attack is an attempt to break into the operating system of a remote computer. Criminals attempt network attacks to establish control over the operating system, cause operating system denial of service, or access sensitive information. To achieve these goals, criminals either carry out direct attacks such as port scanning and brute force attacks, or use malware installed on a computer under attack.
Network attacks can be divided into the following types:
- Port scanning. This type of network attack is usually performed to prepare for a more dangerous network attack. An intruder scans UDP/TCP ports that use network services on the target computer and determines the vulnerability of the target computers to other, more dangerous types of network attacks. Port scanning also enables the intruder to determine the operating system on the target computer and select appropriate network attacks for that operating system.
- DoS attacks or network attacks causing a denial of service. Such network attacks cause the target operating system to become unstable or completely inoperable.
The following main types of DoS attacks exist:
- Transmission of specially designed network packets that are not expected by the target computer and therefore cause the target operating system to malfunction or crash.
- Sending a large number of network packets to a remote computer over a short period. All of the resources of the target computer are used to process the network packets sent by the intruder. As a result, the computer stops performing its functions.
- Network intrusion attacks. Such network attacks are designed to "hijack" the operating system of the target computer. This is the most dangerous type of network attack because, if the attack is successful, the intruder gains total control over the operating system.
This type of network attack is used when the intruder wants to obtain confidential data from a remote computer (such as bank card numbers or passwords) or secretly use the remote computer for the intruder’s purposes (such as for attacking other computers from this computer).
Enable/disable Network Attack Blocker
Important: If you have disabled Network Attack Blocker, it will not be re-enabled automatically when Kaspersky Security Cloud starts again or after the operating system restarts. You have to re-enable Network Attack Blocker manually.
When the application detects dangerous network activity, Kaspersky Security Cloud automatically adds the IP address of the attacking computer to the list of blocked computers, unless the attacking computer is in the list of trusted computers.
Edit the list of blocked computers
You can create and edit the list of trusted computers. Kaspersky Security Cloud doesn't block the IP addresses of these computers automatically even after dangerous network activity is detected from them.
Edit the list of trusted computers
.
.When a network attack is detected, Kaspersky Security Cloud logs information about the attack in a report.
Note: If the Network Attack Blocker component stops running with an error, you can view the report and try to restart the component. If the problem is not solved, you can contact Kaspersky Technical Support.
View the Network Attack Blocker report
You can view overall statistics on protection against network attacks (number of blocked computers and number of events since last startup of the Network Attack Blocker component) in Protection Center by clicking Details in the right pane of the main application window.
Page top