[c-nsp] PIX Detecting Port Scans?

Church, Chuck cchurch at netcogov.com
Tue Dec 14 17:47:51 EST 2004


James,

	The PIX has a very scaled down IDS.  If you go into the PDM, go
to configuration, and system properties tab.  Check out Intrusion
Detection on the left, and expand it.  Under IDS Signatures, you'll see
the whole list, which is only about 59 signatures.  The real IDS has
around 1000 I believe.  Or check the Pix 6.3 docs for the signature
list. 


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
jbruce at unitedscience.com
Sent: Tuesday, December 14, 2004 12:59 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PIX Detecting Port Scans?


Since there has been a few PIX questions lately I thought I would ask
one I have been curious about for a while. Is there a way to configure a
PIX 515 6.3(4) to detect port scans? Here is what I have so far, it only
detects ICMP packets.  I'm a newb to the PIX and any links or info would
help. Thanks

ip audit name Inbound-Attack attack action alarm
ip audit name Inbound-Info info action alarm
ip audit interface outside Inbound-Info
ip audit interface outside Inbound-Attack
ip audit info action alarm
ip audit attack action alarm

James Bruce


CONFIDENTIALITY NOTICE

This document(s) and any attachments accompanying this email
transmission contain information from United Science Inc, which is
confidential and privileged.  The email transmission and any attached
documents are intended to be for the review and use solely of the
individual(s) or entity(ies) named and listed on the email transmission
message.  If you are not the intended recipient, you are hereby advised
that any review, disclosure, copying, distribution or use of the
information and/or contents of this email message, as well as any
attached documents, is prohibited.  If you have received this email
message in error, please immediately delete this email transmission and
notify us by telephone of this error. Please visit us at
http://www.unitedscience.com



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list