Network Attack Blocker (also called Intrusion Detection System) tracks incoming network traffic for activities characteristic of network attacks. When Kaspersky application detects a network attack attempt on a user's computer, it blocks the network connection with the attacking computer. Descriptions of currently known types of network attacks and methods of neutralizing them are specified in Kaspersky application databases. The list of network attacks that are detectable by the Network Attack Blocker is updated when the application databases and modules are updated.
Network Attack Blocker settings
Settings |
Description |
---|---|
Treat port scanning and network flooding as attacks |
Network Flooding is an attack on organization's network resources (for example, web servers). This attack consists in sending a massive amount of traffic to exhaust the traffic capacity of a network. As a result, users can't access organization's network resources. Port scanning attack consists in scanning UDP- and TCP ports, as well as network services on the computer. This attack allows to determine computer’s vulnerability level before even more dangerous types of network attacks. Port scanning also allows hackers to determine computer's OS and choose OS-specific attacks for it. If the toggle is on, the Network Attack Blocker component blocks port scanning and network flooding. |
Block attacking computers for N min |
If the function is enabled, the Network Attack Blocker component adds the attacking computer to the blocked list. This means that the Network Attack Blocker will block the network connection with the attacking computer after the first network attack attempt during the specified period of time in order to automatically protect the user’s computer against any possible future network attacks from the same address. The attacking computer can be added to the block list for a minimum time of one minute. The maximum time is 999 minutes. |
Manage exclusions |
The list contains IP addresses from which the Network Attack Blocker does not block network attacks. You can add an IP address with port and protocol. The application does not report information about network attacks from IP addresses included in the exception list. |