Test Case Security Features on FTD

bibek_deo · ‎02-03-2021

HI,

Pls suggest me how to to do the following tests in FTD

(Case 1)

Test Item -Detect Land Attack

Test procedure /Reference - Same Source IP/port to destination IP/Port to be generated on the outside interface

Expected result - Deny traffic should be shown

(Case 2)

Test Item -Win Nuke attack

Test procedure /Reference - traffic to tcp 139 port to be generated on outside interface

Expected result - Deny traffic should be shown

I have selected the both options in intrusion policy but not get the idea how to demonstrate the condition and achieve the result.

BB

Bibek

Mohammed al Baqari · ‎02-03-2021

Hi,

Download nping, put it in a machine in the outside zone and use the
following

nping --tcp -p 80 -S 1.1.1.1 1.1.1.1 -- this is for case 1. It should be
blocked by rpf check
nping --tcp -p 139 1.1.1.1 -- this is for case 2

If you enable terminate monitoring on ASA or send syslogs to external
server you can look for the messages.

**** please remember to rate useful posts