Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2109
Views
0
Helpful
3
Replies

port scan signatures

alkabeer80
Level 1
Level 1

‎12-26-2012 05:32 AM - edited ‎03-10-2019 05:51 AM

Hi,

I have IPS 4270, is there signature for port scanning, so that it fires when any user run the scan (angry port scan, etc.....), if not can i creat a signature for this, how ???

thankssss                   

Labels:
0 Helpful
3 Replies 3

Andrew Phirsov
Level 7
Level 7

‎12-26-2012 11:13 AM

I think the sweep engine and signatures related to it are responsible for what you want to achieve.

"How???" 

Have you tried to read cisco guide on how to configure IPS and how it works? I think it's the best way to find out.

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni

‎12-26-2012 05:17 PM

Hello Alkabeer,

Ofcourse there are Check the Dos categories.

You could also use the anomaly detection feature that will allow you to set a base-line in your network to determine what is normal and what is not.

Regards,

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

AdamBlackNNT
Level 1
Level 1

‎01-02-2013 11:11 AM

I believe there is a whole category called "reconnaisance" devoted to things like that.  You should be able to go in and verify that the signature that matches the type of scan you're looking for is enabled and, if not, enable it.  If it doesn't exist you can probably copy an existing rule and tweak it for your needs with minimal effort.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card