Network Attack Blocker settings

November 9, 2022

ID 68162

Network Attack Blocker loads at operating system startup and tracks incoming network traffic for activities characteristic of network attacks. When the Kaspersky application detects a network attack attempt on a user's computer, it blocks the network connection with the attacking computer. Descriptions of currently known types of network attacks and methods of neutralizing them are specified in the Kaspersky application databases. The list of network attacks that are detectable by the Network Attack Blocker is updated when the application databases and modules are updated.

Settings	Description
Treat port scanning and network flooding as attacks	Network Flooding is an attack on organization's network resources (for example, web servers). This attack consists in sending a massive amount of traffic to exhaust the traffic capacity of a network. As a result, users can't access organization's network resources. Port scanning attack consists in scanning UDP- and TCP ports, as well as network services on the computer. This attack allows to determine computer’s vulnerability level before even more dangerous types of network attacks. Port scanning also allows hackers to determine computer's OS and choose OS-specific attacks for it. If the toggle is on, the Network Attack Blocker component blocks port scanning and network flooding.
Add an attacking computer to the list of blocked computers for N min	If the toggle is on, the Network Attack Blocker component adds the attacking computer to the blocked list. This means that the Network Attack Blocker will block the network connection with the attacking computer after the first network attack attempt during the specified period of time in order to automatically protect the user’s computer against any possible future network attacks from the same address. The attacking computer can be added to the block list for a minimum time of one minute. The maximum duration is 32 768 minutes.
Manage exclusions	The list contains IP addresses from which the Network Attack Blocker does not block network attacks. The application does not report information about network attacks from IP addresses included in the exception list.

Settings

Description

Treat port scanning and network flooding as attacks

Network Flooding is an attack on organization's network resources (for example, web servers). This attack consists in sending a massive amount of traffic to exhaust the traffic capacity of a network. As a result, users can't access organization's network resources.

Port scanning attack consists in scanning UDP- and TCP ports, as well as network services on the computer. This attack allows to determine computer’s vulnerability level before even more dangerous types of network attacks. Port scanning also allows hackers to determine computer's OS and choose OS-specific attacks for it.

If the toggle is on, the Network Attack Blocker component blocks port scanning and network flooding.

Add an attacking computer to the list of blocked computers for N min

If the toggle is on, the Network Attack Blocker component adds the attacking computer to the blocked list. This means that the Network Attack Blocker will block the network connection with the attacking computer after the first network attack attempt during the specified period of time in order to automatically protect the user’s computer against any possible future network attacks from the same address. The attacking computer can be added to the block list for a minimum time of one minute. The maximum duration is 32 768 minutes.

Manage exclusions

The list contains IP addresses from which the Network Attack Blocker does not block network attacks.

The application does not report information about network attacks from IP addresses included in the exception list.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.