Method, apparatus, and program for detecting a port scan with the source address of the bogus

摘要

Computer-implemented method for the present invention relates port scan protection, devices, and computer programs. Computer-implemented method for solving [means] port scan protection, apparatus, and computer program. In response to detecting a port scan, it generates a reply data packet having a modified transmission control protocol header to form a modified reply data packet. Change response data packet, elicit a response from the recipient of the modified data packet. I is transmitted to the Internet protocol address of the first associated with the port scan, the response data packet. From the header of the response of the change response data packet to identify the Internet Protocol address of the second. Internet protocol address of the second is the Internet protocol address of the actual source of the port scan. It is possible by preventing the network traffic from all the Internet protocol address of the second, also to prevent any attacks on the ports open from the source of the port scan. [Selection Figure Figure 5