cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Register for SecureX webinars to learn about our newest integrations and features.


498
Views
0
Helpful
0
Replies
Highlighted
Beginner

Firepower PSNG_UDP_FILTERED_DECOY_PORTSCAN (122:22:1) issues

Hi everyone.

 

I have 2 ASA5516-x active-Standby HA with Firepower services.

Since the Quarantine all users is working from his houses by anyconnect VPN.

 

So in the intrusion events, in the firepower, starts to report me too many Port Scans from the VPN pool address..

 
 

portscan detailportscan detail

I cant realize if some applicattion is generating this because destination and source port showns as 0.

Only broadcast that appears in the real-time monitor of the ASA is NetBios with dest port 137.

 

any ideas how can i realize where this traffic from?

 

There is no information in the rule snort documentation.

 

 

 

 

Thanks for you help.

 

0 REPLIES 0
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards