FirePOWER DOS attack Test Scenario

Joshua_Engels
Level 1

Hi Everyone,

I have a customer who wanted to see FirePOWER FMC events in action based off a couple of test scenarios. We decided to connect upstream from their FirePOWER device and run some test attacks from a laptop. For one of the tests, we used HPING3 to initiate a Denial of Service attack on the firewall's external IP and also on a server that was NAT'd to the outside. In both instances, we saw that the traffic was not seen as an attack and was permitted through the firewall. What should we have expected? Is a single laptop attacking using HPING3 not enough? It took us running a "Hail Mary" scan from Kali Linux before we were able to generate anything to show up as an attack. I would have expected to have seen more things blocked. Thoughts?
