cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
606
Views
0
Helpful
2
Replies

Cisco ASA attack simulation

shawvoel
Level 1
Level 1

Hi All Expert,

Can anyone help if I need to simulate an attack to a server on DMZ zone.

How to know there is an attack to that particular server and how to generate the attack?

Really appreciate for help on this.

Thank you.

Rgds,

Au Yeong Shaw Voel

1 Accepted Solution

Accepted Solutions

a.kiprawih
Level 7
Level 7

Hi,

If you plan to test your server, there are a number of things that you might need to do, simple to complicated attack. It depends on what you would like to achieve, type of attack, e.g server OS, application.

But the simple one could be using ICMP/ping attack or TCP SYN attack (you can easily get tools from the Net).

From PIX Firewall perspective, you probably need to active the built-in IDS feature, limit the embryonic level and open ICMP to the target server. Make sure your ACL allows the ICMP and permitted application(s) service ports to pass through. Also, make sure you enable syslog, and probably set it to informational or debugging, to capture the log.

PIX will easily pick-up the ICMP attack based on the IDS services, while for the TCP-SYN attack (targeted to your application via ACL), you can see the attempts from the log.

Rgds,

AK

View solution in original post

2 Replies 2

a.kiprawih
Level 7
Level 7

Hi,

If you plan to test your server, there are a number of things that you might need to do, simple to complicated attack. It depends on what you would like to achieve, type of attack, e.g server OS, application.

But the simple one could be using ICMP/ping attack or TCP SYN attack (you can easily get tools from the Net).

From PIX Firewall perspective, you probably need to active the built-in IDS feature, limit the embryonic level and open ICMP to the target server. Make sure your ACL allows the ICMP and permitted application(s) service ports to pass through. Also, make sure you enable syslog, and probably set it to informational or debugging, to capture the log.

PIX will easily pick-up the ICMP attack based on the IDS services, while for the TCP-SYN attack (targeted to your application via ACL), you can see the attempts from the log.

Rgds,

AK

Hi AK,

Yes, that what I plan to do, thank for your advise.

Rgds,

Au Yeong Shaw Voel

Review Cisco Networking for a $25 gift card