cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

986
Views
0
Helpful
2
Replies
Highlighted
Beginner

Preventing web server scans on IPS

Hi,

IS there anyone who knows how to prevent a web server scan from getting the version of the IIS web server through a cisco IPS. I tried to set all the signatures that fired to ( drop packet, reset TCP connecction and drop connection inline ) but none worked. The results of a the vulnerability scan through the IPS are still showing the DNS version, IIS version. Can something be done on the IPS level?

Regards

2 REPLIES 2
Highlighted

I don't know the answer but I am interested in a solution to this also.

Highlighted
Participant

Hello k.abillama,

Can you provide a packet capture of the scan? Please gather full-length packets so that the payload is included.

Thank you,

Blayne Dreier

Cisco TAC Escalation Team

**Please check out our Podcasts**

TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast

TAC IPS Media Series: https://supportforums.cisco.com/docs/DOC-12758

Content for Community-Ad