[c-nsp] PIX Detecting Port Scans?

Brian Turnbow b.turnbow at twt.it
Wed Dec 15 11:44:14 EST 2004


A friend of mine enlightened me today on how he checks for port scans. He creates a few access-lists with a deny statement for ports he doesn't use and has a script that parses the log files for access list deny matches.
Not very user friendly but he's happy.

Brian
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Brian Turnbow
Sent: Wednesday 15 December 2004 0.12
To: jbruce at unitedscience.com; cisco-nsp at puck.nether.net
Subject: R: [c-nsp] PIX Detecting Port Scans?

No port scan detection... but you can set connection limits using the static command and you can get "connection limit exceeded"....... not the same thing but it's something.
 
Brian

________________________________

From: cisco-nsp-bounces at puck.nether.net on behalf of jbruce at unitedscience.com
Sent: Tue 14/12/2004 18.58
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PIX Detecting Port Scans?




Since there have been a few PIX questions lately, I thought I would ask one I have been curious about for a while. Is there a way to configure a PIX 515 6.3(4) to detect port scans? Here is what I have so far; it only detects ICMP packets. I'm a newb to the PIX and any links or info would help. Thanks

ip audit name Inbound-Attack attack action alarm
ip audit name Inbound-Info info action alarm
ip audit interface outside Inbound-Info
ip audit interface outside Inbound-Attack
ip audit info action alarm
ip audit attack action alarm

James Bruce





_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
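
Added example, not part of the original thread and not the script mentioned in it: one way to parse PIX syslog for access-list deny matches (message 106023) and flag sources that probe many ports on one host or one port on many hosts. The thresholds, the hostname pix515, the ACL name outside_in and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# PIX syslog message 106023: packet denied by an ACL applied with access-group.
DENY_RE = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>tcp|udp) '
    r'src [^:\s]+:(?P<src>[\d.]+)/\d+ '
    r'dst [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "[^"]+"'
)

def find_scanners(lines, min_ports=5, min_hosts=5):
    """Return {src_ip: [scan kinds]} from ACL deny log lines.

    vertical   = many distinct denied ports against one destination
    horizontal = the same denied port against many destinations
    Thresholds are illustrative assumptions; tune them to your traffic.
    """
    ports_per_target = defaultdict(set)  # (src, dst) -> {(proto, dport)}
    hosts_per_port = defaultdict(set)    # (src, proto, dport) -> {dst}
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny for tcp/udp
        svc = (m['proto'], int(m['dport']))
        ports_per_target[(m['src'], m['dst'])].add(svc)  # sets ignore retries
        hosts_per_port[(m['src'],) + svc].add(m['dst'])
    findings = defaultdict(set)
    for (src, _dst), svcs in ports_per_target.items():
        if len(svcs) >= min_ports:
            findings[src].add('vertical')
    for (src, _proto, _dport), dsts in hosts_per_port.items():
        if len(dsts) >= min_hosts:
            findings[src].add('horizontal')
    return {src: sorted(kinds) for src, kinds in findings.items()}

def sample_log():
    """Constructed sample lines using documentation addresses, not real traffic."""
    fmt = ('Dec 15 11:40:{:02d} pix515 %PIX-4-106023: Deny {} src outside:{}/{} '
           'dst inside:{}/{} by access-group "outside_in"')
    lines = [fmt.format(i, 'tcp', '198.51.100.7', 40000 + i, '192.0.2.10', p)
             for i, p in enumerate([21, 23, 25, 110, 135, 139, 445])]
    lines += [fmt.format(20 + i, 'tcp', '203.0.113.9', 51000 + i, f'192.0.2.{h}', 1433)
              for i, h in enumerate(range(10, 16))]
    lines.append(fmt.format(40, 'udp', '198.51.100.99', 53, '192.0.2.10', 137))  # one stray deny
    lines.append('Dec 15 11:41:00 pix515 %PIX-6-302013: Built inbound TCP connection')
    return lines

if __name__ == '__main__':
    for src, kinds in sorted(find_scanners(sample_log()).items()):
        print(src, ','.join(kinds))
```

The deny entries only appear if the access-list is applied to the interface and logging is sent to a syslog server at a level that includes warnings.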




