KFSensor

 

Edit Listen

Use the Edit Listen dialog box to add or edit a listen definition.

You will find a description of what is a Listen here.

Listen On

  • Name
    The name of the listen definition. This will be used in an event generated by a connection to this Listen.
  • Icon
    Specifies one of eight Listen Icons that should be associated with this listen definition.
    The icon will be displayed next to the port in the port view and with each event generated by this listen in the Event View.
  • Class
    Specifies the class that this Listen definition should be assigned.
    Select an existing class from the combobox, or enter a new class name.
    The classes are used to classify similar types of Listen enabling them to be added or removed from a scenario as a group.
    Use the Add/Remove Classes button, on the Edit Scenario dialog box, to add or remove classes of definitions.
  • Protocol
    Specifies the communications protocol for this Listen.
  • Port
    Specifies the port number to listen on.
  • Bind Address Specifies the IP address to listen on.
    If you have more than one network connection, such as a LAN and an internet connection you can run different listens for each connection on the same port.

    As well as entering a numeric address you can select one of the values below to handle dynamic IP allocation.
    Name Notes
    All, or blank If this is left blank, or set to "All" then the listen will bind to all available IP addresses.
    Loopback Bind to the loopback IP address: 127.0.0.1
    First Public Bind to the first public IP address found.
    A public IP address is available from anywhere in the Internet
    First Private Bind to the first private IP address found.
    A private IP address is in a range that is reserved for private use.
    These are the addresses typically found on an internal network and a often assigned dynamically.
    Start End
    10.0.0.0 10.255.255.255
    172.16.0.0 172.31.255.255
    192.168.0.0 192.168.255.255
    Second Public Bind to the second public IP address found
    Second Private Bind to the second private IP address found
    Third Public Bind to the third public IP address found
    Third Private Bind to the third private IP address found
  • Active
    If the Active control is unchecked then the Listen will be turned off.
  • Hide if no events
    If this option is checked then this port will be hidden in the port view if no events are associated with this listen definition.
    If unchecked then this port will never be hidden in the port view.
    Port hiding is enabled using the 'Hide Ports With No Events' option in the View Menu.

Action

  • Action Type
    This specifies the type of action that should be performed by the Listen when a connection is made.
    Different Action Types are described in the Listen section.
  • Severity
    The severity level that events generated by this listen will be given.
  • Time Out
    For a Read and Close listen definition this defines how long the KFSensor server should wait for before closing the connection.
  • Sim Name
    For a Sim Server listen this control is used to specify the name of the Sim Server to use.

Visitor DOS Attack Limits

These settings allow different DOS Attacks settings to be applied to an individual port, which over-ride the default Visitor DOS Attack Limits specified in the DOS Attack Settings dialog.

Certain ports such as UDP 137 receive a lot more connections than other ports and thus you may wish to set a higher limit than that applied to other ports.

  • Max connections per IP
    If a visitor makes more connections to this port than the setting allows the visitor will be either locked out or ignored.
    If this field is blank then the standard visitor limit in the DOS Attack Settings dialog will apply.
  • Action on max connections per IP
    This options control how the server should handle subsequent connections to this port from a visitor that reaches the Max connections per IP limit.
    • Lock out
      The visitor will be locked out for the specified period of time
    • Ignore
      The connection will be processed as normal but no event will be generated of this connection.
      A certain number of events can still be generated, using the 'Do not ignore every X connections' option. The option allows the visitor to carry on using the server without generating potentially thousands of events.

Related Topics


KFSensor On-Line Manual Contents