The Seattle, Washington-based firm says that its listening agent runs on a Linux firewall and looks at the SYN packet that initiates an Internet session, noting its source and destination, then sends this information back to DeScan.net for analysis.
At DeScan, the firm says the anonymous SYN packet information is pooled from multiple sources and analyzed for anomalous/abusive port scanning behavior. Once suspect scanning patterns cross a given abusive behavior threshold, the originating IP address is identified as a scanner and DeScan sends an email to the administrator.
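The pooling step described above can be illustrated with a short sketch; this is an added example, not DeScan's code, and the article does not state how the real analysis works. It shows a low-rate source that stays under the threshold at every individual firewall but crosses it once reports are pooled. The record layout, the sensor names, the threshold of 5 and the distinct-target metric are all assumptions.

```python
from collections import defaultdict

THRESHOLD = 5  # assumed: distinct (dst, port) targets before a source is flagged


def make_sample():
    """Constructed SYN reports: (sensor, src_ip, dst_ip, dst_port)."""
    reports = []
    # Low-rate scanner: only two probes per site, spread over three sites.
    for i, sensor in enumerate(("fw-a", "fw-b", "fw-c")):
        for host in (10, 11):
            reports.append((sensor, "203.0.113.7", f"192.0.2.{i * 20 + host}", 22))
    # Busy but ordinary client: 40 SYNs, all to one web server.
    reports += [("fw-a", "198.51.100.20", "192.0.2.10", 443)] * 40
    return reports


def distinct_targets(reports):
    """Map each source to the set of (dst, port) pairs it sent a SYN to."""
    targets = defaultdict(set)
    for _sensor, src, dst, port in reports:
        targets[src].add((dst, port))
    return targets


def find_scanners(reports, threshold=THRESHOLD):
    """Sources whose distinct-target count reaches the threshold."""
    counts = distinct_targets(reports)
    return sorted(src for src, seen in counts.items() if len(seen) >= threshold)


def per_sensor_view(reports, threshold=THRESHOLD):
    """What each firewall would flag on its own, without pooling."""
    by_sensor = defaultdict(list)
    for report in reports:
        by_sensor[report[0]].append(report)
    return {s: find_scanners(rs, threshold) for s, rs in by_sensor.items()}


if __name__ == "__main__":
    sample = make_sample()
    print("pooled:", find_scanners(sample))
    print("per sensor:", per_sensor_view(sample))
```

Counting distinct targets rather than raw SYNs keeps the busy client, with 40 connections to a single service, out of the result.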