Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
353
Views
0
Helpful
2
Replies

Multi port scanning from outside

Go to solution
mx
Level 1
Level 1

‎01-19-2015 06:47 AM - edited ‎03-11-2019 10:21 PM

Hello, I am running an ASA 5505 with 8.2(2) ios. I am running a very simple web server inside on port 80 and more importantly an email server.

When I check my IIS logs for the web server I see countless attempts by hackers to gain access to phpMyAdmin etc etc which I am not running. I have been safe so far.

 

My question is, these hacking attempts are clearly from the same person as they come in huge batches, but their source IP address changes with each attempt. Obviously I cant block by IP address, and that would be a full time job anyway.  Is there another way to block such attempts? Say after 2 attempts at a certain URL they are automatically blacklisted, or any php attempts would be blacklisted.

 

Thank you for any input!

Bob

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎01-19-2015 10:21 AM

Bob-

You would need something with a little more intelligence like IPS. You can setup rules to do exactly that. Unfortunately the ASA can't do that out-of-the-box. If you would like to explore that further take a look at Cisco's Sourcefire solution. It's an IPS that runs on the ASA (must be on the new ASA-X model though). Let us know if you have any other questions.

 

Hope it helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎01-19-2015 10:21 AM

Bob-

You would need something with a little more intelligence like IPS. You can setup rules to do exactly that. Unfortunately the ASA can't do that out-of-the-box. If you would like to explore that further take a look at Cisco's Sourcefire solution. It's an IPS that runs on the ASA (must be on the new ASA-X model though). Let us know if you have any other questions.

 

Hope it helps.

0 Helpful

Go to solution
mx
Level 1
Level 1
In response to Collin Clark

‎01-19-2015 10:24 AM

Thank you sir. I kind of figured that was the case, but thought Id take a chance.

bob

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card