US 11,711,389 B2
Scanner probe detection
Idan Amit, Ramat Gan (IL); Yinnon Meshi, Kibbutz Revivim (IL); Jonathan Allon, Haifa (IL); and Aviad Meyer, Hod-Hasharon (IL)
Assigned to PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD., Tel Aviv (IL)
Filed by Palo Alto Networks (Israel Analytics) Ltd., Tel Aviv (IL)
Filed on Oct. 21, 2021, as Appl. No. 17/506,713.
Application 17/506,713 is a continuation of application No. 16/261,655, filed on Jan. 30, 2019, granted, now 11,184,378.
Prior Publication US 2022/0046042 A1, Feb. 10, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1425 (2013.01) [H04L 63/1416 (2013.01); H04L 63/1441 (2013.01); H04L 63/166 (2013.01)]
23 Claims
 
1. A method, comprising:
identifying, in data traffic transmitted between multiple nodes that communicate over a network, a set of port scans, each of the port scans comprising an access, in the data traffic, of a plurality of communication ports on a given destination node by a given source node during a specified time period;
identifying in the data traffic a group of high-traffic ports, comprising one or more of the communication ports that receive respective volumes of the data traffic that are in excess of a predefined threshold; and
upon detecting a port scan not comprising the access of any of the identified high-traffic ports, initiating a preventive action.
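
The three steps of claim 1, sketched over constructed flow records. This is an added example, not code from the patent or its assignee. The record layout, the function names, the fixed (tumbling) time window, and the port-count and volume thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records (not real traffic): (time_s, src, dst, dst_port, bytes)
FLOWS = [
    (1, "10.0.0.7", "10.0.0.20", 443, 50000),   # ordinary client traffic
    (2, "10.0.0.8", "10.0.0.20", 80, 20000),    # ordinary client traffic
    # Source that touches many ports, including the busy ones
    (10, "10.0.0.5", "10.0.0.20", 22, 60), (11, "10.0.0.5", "10.0.0.20", 80, 60),
    (12, "10.0.0.5", "10.0.0.20", 443, 60), (13, "10.0.0.5", "10.0.0.20", 3389, 60),
    # Source that touches many ports, none of them busy
    (20, "10.0.0.66", "10.0.0.30", 2001, 60), (21, "10.0.0.66", "10.0.0.30", 2002, 60),
    (22, "10.0.0.66", "10.0.0.30", 2003, 60), (23, "10.0.0.66", "10.0.0.30", 2004, 60),
]

def find_port_scans(flows, window_s, min_ports):
    """Step 1: one source accessing >= min_ports distinct ports on one
    destination inside one time window. Returns {(src, dst, window): ports}."""
    seen = defaultdict(set)
    for ts, src, dst, port, _ in flows:
        seen[(src, dst, int(ts // window_s))].add(port)
    return {key: ports for key, ports in seen.items() if len(ports) >= min_ports}

def high_traffic_ports(flows, volume_threshold):
    """Step 2: ports whose total traffic volume exceeds the threshold."""
    volume = defaultdict(int)
    for _, _, _, port, nbytes in flows:
        volume[port] += nbytes
    return {port for port, total in volume.items() if total > volume_threshold}

def suspicious_scans(flows, window_s=60, min_ports=4, volume_threshold=10000):
    """Step 3: keep only scans that accessed none of the high-traffic ports.
    The returned (src, dst) pairs are where a preventive action would hook in."""
    busy = high_traffic_ports(flows, volume_threshold)
    scans = find_port_scans(flows, window_s, min_ports)
    return sorted({(src, dst) for (src, dst, _), ports in scans.items()
                   if not ports & busy})

if __name__ == "__main__":
    for src, dst in suspicious_scans(FLOWS):
        print(f"alert: scan from {src} against {dst} avoided all high-traffic ports")
```

Both sources qualify as port scans under step 1, but only the one whose port set has no overlap with the high-traffic group reaches step 3.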