Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2292
Views
0
Helpful
0
Replies

Firepower PSNG_UDP_FILTERED_DECOY_PORTSCAN (122:22:1) issues

lnacional
Beginner
Beginner

‎09-17-2020 08:39 AM

Hi everyone.

 

I have 2 ASA5516-x active-Standby HA with Firepower services.

Since the Quarantine all users is working from his houses by anyconnect VPN.

 

So in the intrusion events, in the firepower, starts to report me too many Port Scans from the VPN pool address..

 
 

portscan detailportscan detail

I cant realize if some applicattion is generating this because destination and source port showns as 0.

Only broadcast that appears in the real-time monitor of the ASA is NetBios with dest port 137.

 

any ideas how can i realize where this traffic from?

 

There is no information in the rule snort documentation.

 

 

 

 

Thanks for you help.

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents