Test Case Security Features on FTD

bibek_deo — Thu, 04 Feb 2021 02:33:45 GMT

HI,

Pls suggest me how to to do the following tests in FTD

(Case 1)

Test Item -Detect Land Attack

Test procedure /Reference - Same Source IP/port to destination IP/Port to be generated on the outside interface

Expected result - Deny traffic should be shown

(Case 2)

Test Item -Win Nuke attack

Test procedure /Reference - traffic to tcp 139 port to be generated on outside interface

Expected result - Deny traffic should be shown

I have selected the both options in intrusion policy but not get the idea how to demonstrate the condition and achieve the result.

Bibek

Re: Test Case Security Features on FTD

Mohammed al Baqari — Thu, 04 Feb 2021 07:36:53 GMT

Hi,

Download nping, put it in a machine in the outside zone and use the
following

nping --tcp -p 80 -S 1.1.1.1 1.1.1.1 -- this is for case 1. It should be
blocked by rpf check
nping --tcp -p 139 1.1.1.1 -- this is for case 2

If you enable terminate monitoring on ASA or send syslogs to external
server you can look for the messages.

**** please remember to rate useful posts

topic Re: Test Case Security Features on FTD in Network Security

Test Case Security Features on FTD

Re: Test Case Security Features on FTD