12-19-2005 06:34 AM - edited 03-10-2019 01:48 AM
Good morning,
I'm getting an Alert in CSA, generated by Rule 18, stating that "A portscan was detected Reason: ICMP unreachable. ICMP: 10.64.100.101 -> 10.65.110.118 type destination_unreachable/03.
The target address (.118) is a voice gateway on a 6509. I dont see any reason for this to occur. Thoughts?
12-19-2005 11:41 AM
You didn't mention what version of CSA you are running and there are different options for each.
You may want to turn off the ICMP deny logging or add your voice gateway to the authorized port scanners. Portscan logging is a different matter and it depends on which version you have.
12-22-2005 11:46 AM
Hi, Sorry. It's version 4.5.
12-22-2005 01:05 PM
OK, then make sure you are using the Internal IP Stack hardening module and add your voice gateway to the Authorized Port Scanners network address set. You also may want to exclude the gateway from the host addresses that are scanned by those rules.
That may do the trick.
Tom
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide