I'm running into some issues with my testing and I'm hoping someone can assist me with this as I'm a little lost.
First problem I've come across.
I'm browsing the security intelligence feed that's in var/sf/iprep_download/Sourcefire_intelligence_feed and I've been initiating some telnet sessions to those addresses using port 80. For some random addresses I've been able to initiate a connection via telnet or port 80. Any idea why? I thought this was a list of blocked addresses.
The second problem I have is that I'm able to run a tor browser without any issues, even though I have security intelligence enabled and tor_exit_nodes should be blocked. The strange thing is, I'm not seeing any connection events at all when I use a tor browser. I've run a packet capture to obtain the exit node I'm using, and I can see it's in a publicly shared exit node list.
I also tried setting up a rule that explicitly blocks TOR, TOR exit nodes and it's still not working.
Any ideas what I'm doing wrong? I've attached some screenshots to assist with this.