About sagittarius

sagittarius · 03-11-2008

Can any guide me configure security for permiter cisco FWSM? Is there are best practice or standard configuration recommanded by cisco for perimeter firewall?

sagittarius · 06-22-2007

I'm getting ~ 330,000 "TCP Segment Overwrite" alerts a day from the 6 IDS/IPS sensors. Destination of these packets are 0.0.0.0 or Internal IPs(10.x.x.x). The source IP is mostly Internal Subnet (10.x.x.x). Do I need to investigate these events/alert...

sagittarius · 06-18-2007

Hi,We are getting some events on IPS for Nmap UDP Port Sweep (Signature - 4003). Attacker shows an external address, what can I do for this alert, what actions can I take?

sagittarius · 05-17-2007

Is the CISCO IDS/IPS device connecting to Monitor or SPAN port Vulnerable? Is there a document which I can refer to ?

sagittarius · 05-04-2007

We are seeing too many events in IDS/IPS. Is there a way to filter events and any one suggest best practice or top 20-30 events we should monitor ?

sagittarius · 06-19-2007

No,Source Port :: 137,500Destination Port: : 356,357,500

sagittarius · 06-19-2007

yes source IP is internal and destination is external.

sagittarius · 06-19-2007

Destination Port # changes from udp/356,357,358,361,367,359,500 however the attacker port remains the same (500 or 137)

sagittarius · 03-30-2005

Whats the Default Gateway on the PC's ...it should be the Router interface IP's ....Have you enabled ip routing on router. Can u ping the Router interface from PC on the same subnet ...

sagittarius · 11-03-2004

Hi Peter,thanks ...It is working now.Can same to done on PIX?Regards,Saggi

Member Since	‎10-11-2002 03:55 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	81

User Statistics

User Activity

Best Practice/Standard - Securing FWSM

TCP Segment Overwrite

Nmap UDP Port Sweep

Monitor or Span port Vulnerablility

IDS monitoring

Re: Nmap UDP Port Sweep

Re: Nmap UDP Port Sweep

Re: Nmap UDP Port Sweep

Re: unable to ping

Re: VPN Client password expire