Monitoring portscan on the firewall

To monitor portscan, log into the device CLI and use the following commands.

• show threat-detection portscan [ attacker | target | shun]

  Shows the IP addresses of scanners, those that have been shunned (blocked), and hosts that have been targeted by scans or sweeps.

• show threat-detection portscan statistics [ host [ ipv4_address | ipv6_address]] [ protocol { tcp | udp | ip | icmp} ]

  Shows statistics related to the portscan system. You can specify host, protocol, or host and protocol to filter the output to the desired information.

• clear threat-detection portscan [ attacker | target | shun] [ ipv4_address mask | ipv6_address/prefix ]

  Manually unblocks scanners (attackers) or identified targets. Enter the command without parameters to clear all attackers, targets, or shunned hosts.

• clear threat-detection portscan statistics [ host [ ipv4_address | ipv6_address]] [ protocol { tcp | udp | ip | icmp} ]

  Erases statistics related to portscan, so that you can more clearly see the current state of scanning through this device. Enter the command without parameters to clear all statistics. Alternatively, specify a host, protocol, or host and protocol, to limit the reset to the specified items.