Port Scanning Protection

Updated Jun 3, 2026

True Protection by Jag detects and blocks port scanning attempts directed at your device. Port scanning is a common reconnaissance technique used by attackers to discover open services and potential vulnerabilities on your system.

Detection Methods

  • Sequential Port Detection: Identifies attempts to connect to multiple ports in sequence, a hallmark of automated scanning tools.
  • SYN Scan Detection: Detects half-open TCP connections used by stealthy SYN scans (also known as half-open scans).
  • UDP Scan Detection: Identifies UDP probes sent to multiple ports looking for open services.
  • Slow Scan Detection: JagAI correlates connection attempts spread over long periods to detect slow, distributed scans designed to evade basic detection.
  • OS Fingerprinting Protection: Detects and blocks attempts to identify your operating system through crafted network packets.

Automatic Response

  • Block Source IP: Automatically block the scanning IP address for a configurable duration (default: 1 hour).
  • Stealth Mode: When enabled, your device does not respond to probes on closed ports, making it appear invisible on the network.
  • Alert Generation: Each detected scan generates an alert with source IP, ports targeted, scan type, and timestamp.
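
The detection and response behaviour listed above can be illustrated with a small detector, added here as an example; it is not True Protection's or JagAI's implementation. The window sizes, the 15-port threshold, the event tuple layout and the sample traffic are assumptions; only the 1-hour block duration and the alert fields come from this article.

```python
from collections import defaultdict

# Assumed thresholds (the article documents none); only the 1-hour block is from the page.
FAST_WINDOW, SLOW_WINDOW = 60, 6 * 3600   # seconds
PORT_LIMIT = 15                           # distinct ports before a source counts as scanning
BLOCK_SECONDS = 3600                      # article default: block for 1 hour

def classify(window, slow):
    """Name the scan type from the events that crossed the threshold."""
    if slow:
        return "slow"
    if all(proto == "udp" for _, _, proto, _ in window):
        return "udp"
    if all(proto == "tcp" and not done for _, _, proto, done in window):
        return "syn"                      # handshakes never completed: half-open
    return "sequential"

def detect_scans(events, excluded=frozenset()):
    """events: (ts, src_ip, dst_port, proto, handshake_completed) tuples."""
    history, blocked, alerts = defaultdict(list), {}, []
    for ts, src, port, proto, done in sorted(events):
        if src in excluded or blocked.get(src, 0) > ts:
            continue                      # exclusion list, or source already blocked
        hist = history[src]
        hist.append((ts, port, proto, done))
        hist[:] = [e for e in hist if ts - e[0] <= SLOW_WINDOW]
        fast = [e for e in hist if ts - e[0] <= FAST_WINDOW]
        # Check the short window first, then correlate over the long one.
        for window, slow in ((fast, False), (hist, True)):
            ports = sorted({e[1] for e in window})
            if len(ports) >= PORT_LIMIT:
                alerts.append({"source_ip": src, "ports": ports, "timestamp": ts,
                               "scan_type": classify(window, slow),
                               "blocked_until": ts + BLOCK_SECONDS})
                blocked[src] = ts + BLOCK_SECONDS
                hist.clear()
                break
    return alerts

# Constructed sample traffic (documentation-range addresses).
SAMPLE = (
    [(i, "198.51.100.7", 20 + i, "tcp", False) for i in range(15)]          # half-open burst
    + [(20 + i, "198.51.100.7", 80 + i, "tcp", False) for i in range(5)]    # arrives while blocked
    + [(30 + i, "192.0.2.10", 5000 + i, "udp", False) for i in range(20)]   # IT team's scanner
    + [(1000 + 600 * i, "203.0.113.9", 1000 + i, "tcp", True) for i in range(15)]  # 1 port / 10 min
)

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE, excluded={"192.0.2.10"}):
        print(alert)
```

With the IT scanner excluded, the half-open burst and the slow scan each raise one alert; without the exclusion, the IT scanner is reported as a UDP scan and blocked as well.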

Configuration

Navigate to Network > Firewall > Scan Protection to configure detection sensitivity (Low, Medium, High), automatic response actions, and exclusions for legitimate network scanning tools used by your IT team.
