Network Scans

laphil
Level 1

Hi all

I'm trying to figure out how to get network scans and DoS attacks to show up in my syslog server for my Cisco ASA 5520.

Just with the basic IPS support on the device I cannot seem to get anything to show up on my syslog server.

Network scans don't appear to be part of the standard IDS signatures since it's just a network port scan?

Any direction on this would be appreciated.

Regards

1 Accepted Solution


I don't know of a way to directly detect scans from an ASA. I have seen some indirect scan detection performed on firewall logs in a customized SIM (Intellitactics) via correlation.

You may be better served asking this question in the firewall forum.

- Bob
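
The indirect approach mentioned in this answer, correlating firewall deny logs, can be sketched as below. This is an added example, not part of the original thread and not the SIM's own logic; it assumes the ASA sends message 106023 (ACL deny) to syslog with timestamps enabled, and the log lines, window and threshold are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ASA syslog 106023: packet denied by an access-group ACL.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}).*%ASA-4-106023: Deny (?:tcp|udp) "
    r"src \S+?:(?P<src>[\d.]+)/\d+ dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def detect_scans(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src_ip: max distinct (dst, port) targets denied inside one window}
    for every source that reached `threshold`. Lines must be in time order."""
    recent = defaultdict(deque)   # src -> deque of (timestamp, (dst, dport))
    flagged = {}
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue              # other message IDs and malformed lines are ignored
        ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, (m["dst"], int(m["dport"]))))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop denies that fell out of the window
        distinct = len({target for _, target in q})
        if distinct >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), distinct)
    return flagged

def sample_log():
    """Constructed sample: one source sweeping 12 ports, one host retrying a single port."""
    fmt = ('Mar 03 2011 10:00:{sec:02d} asa5520 : %ASA-4-106023: Deny tcp src '
           'outside:{src}/{sport} dst inside:192.0.2.10/{dport} '
           'by access-group "outside_in" [0x0, 0x0]')
    lines = [fmt.format(sec=i, src="203.0.113.7", sport=40000 + i, dport=20 + i)
             for i in range(12)]
    lines += [fmt.format(sec=20 + i, src="198.51.100.4", sport=50000 + i, dport=443)
              for i in range(12)]
    lines.append("Mar 03 2011 10:00:40 asa5520 : %ASA-6-302013: Built inbound TCP connection 1 ...")
    return lines

if __name__ == "__main__":
    for src, count in detect_scans(sample_log()).items():
        print(f"possible scan from {src}: {count} distinct targets in 60s")
```

Counting distinct destination/port pairs rather than raw denies keeps a single host that repeatedly retries one blocked port from being flagged as a scanner.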


rhermes
Level 7

Do you have an AIP-SSM sensor module for your 5520?

If you do, then you should be able to detect network and host scanning on your network.

The Sensor module will not output to a syslog server; you can use the free Cisco IPS Manager Express

http://www.cisco.com/en/US/products/ps9610/index.html

You can also set the signatures for scans to send an SNMP trap when they fire to your SNMP server.

- Bob

We actually do not own the AIP-SSM sensor module. I was trying to accomplish basic IDS with the ASA 5520 only... to log scans to syslog, etc.
