[c-nsp] ASA 5520 Newbie Question

Luan M Nguyen luan at t3technology.com
Thu Jun 26 00:03:34 EDT 2008


...or with 8.0, you could use threat-detection
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/prote
ct.html#wp1072953
I was researching equivalent commands on Cisco for set zone "" screen
port-scan :)
On the router i think you have to use IOS IPS.

-Luan


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christian Koch
Sent: Wednesday, June 25, 2008 10:38 PM
To: jarrod at friedland.com.au
Cc: C-Nsp
Subject: Re: [c-nsp] ASA 5520 Newbie Question

most ids/ips will have signatures for detecting port scans.

im unsure the asa syslogs anything of the sort as i've never seen one
before, someone else may have a better answer for that



On Wed, Jun 25, 2008 at 4:29 PM, Jarrod Friedland <
jarrod.friedland at gmail.com> wrote:

> Morning All
>
> Quick Question, within the standard ASA 5520 box, what is the best way to
> fire off a notification that the box is being port scanned by a specific
> ip.
> Would you require third party application for this or is ASDM / the ASA
> itself capable of such notifications. Are we able to make use of
CiscoWorks
> for this type of notification from the ASA devices.
>
> Any info would be greatly appreciated.
>
> Thanks
>
> --
>
> --
> Jarrod
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list