06-26-2011 11:14 PM - edited 03-10-2019 05:23 AM
Hi,
IS there anyone who knows how to prevent a web server scan from getting the version of the IIS web server through a cisco IPS. I tried to set all the signatures that fired to ( drop packet, reset TCP connecction and drop connection inline ) but none worked. The results of a the vulnerability scan through the IPS are still showing the DNS version, IIS version. Can something be done on the IPS level?
Regards
06-28-2011 08:08 AM
I don't know the answer but I am interested in a solution to this also.
07-05-2011 11:29 AM
Hello k.abillama,
Can you provide a packet capture of the scan? Please gather full-length packets so that the payload is included.
Thank you,
Blayne Dreier
Cisco TAC Escalation Team
**Please check out our Podcasts**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: