Port scan

Unanswered Question
Feb 28th, 2007

We have a regional network coming into our DMZ on our Pix 515. We have an IP any any rule and have not locked down what ports they need to use (AD, Exchange, File server, internet). Is there a port monitor we can use to list all the ports over some time through our DMZ? Then we can use this to lock it down.

Jon Marshall Wed, 02/28/2007 - 12:01

Hi

Just as an alternative. You could have a

"permit ip any any log" on your pix. This would log all access on that DMZ. As you determine the ports you can modify the access-list to add in the individual port entries. Keep the permit ip any any log at the end until you have accounted for all the ports, i.e. all your other rules are catching the traffic and not your catch-all rule.

Obviously this would generate a fair bit of logging so you'll need disk space and be aware of the additional bandwidth being used.

HTH

Jon
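Jon's approach as a worked example (added here, not code from the thread): a small Python script that tallies permitted hits by protocol, destination port and host from the syslog lines a logged ACL produces, then renders candidate port-specific rules with the catch-all log entry kept at the end. The log format parsed is the PIX 106100 ACL-hit message as I understand it; the ACL name dmz_in, the hosts and the syslog lines are all constructed for this example.

```python
import re
from collections import Counter

# Constructed syslog lines in the PIX 106100 format (ACL entry with 'log').
# Made up for this example, not captured from a real firewall.
SAMPLE_LOG = """\
Mar 01 2007 09:12:01 fw %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.20(34567) -> inside/192.168.1.10(445) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Mar 01 2007 09:12:09 fw %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.21(40001) -> inside/192.168.1.20(25) hit-cnt 2 300-second interval [0x1a2b3c4e, 0x0]
Mar 01 2007 09:12:30 fw %PIX-6-106100: access-list dmz_in permitted udp dmz/10.10.5.20(51000) -> inside/192.168.1.30(53) hit-cnt 1 first hit [0x1a2b3c4f, 0x0]
Mar 01 2007 09:13:02 fw %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.22(34570) -> inside/192.168.1.10(445) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
Mar 01 2007 09:13:10 fw %PIX-6-106100: access-list outside_in denied tcp outside/203.0.113.9(4444) -> dmz/10.10.5.20(23) hit-cnt 1 first hit [0x1a2b3c50, 0x0]
Mar 01 2007 09:13:11 fw %PIX-6-302013: Built inbound TCP connection 1234 (unrelated message, ignored)
Mar 01 2007 09:14:00 fw %PIX-6-106100: access-list dmz_in permitted tcp dmz/10.10.5.20(34580) -> inside/192.168.1.10(445) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
"""

LINE_RE = re.compile(
    r"%PIX-6-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src_if>[^/\s]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)


def parse_acl_hits(text):
    """Yield one dict per 106100 line; lines in any other format are skipped."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hit = m.groupdict()
            hit["dport"] = int(hit["dport"])
            hit["hits"] = int(hit["hits"])  # hit-cnt aggregates repeats per interval
            yield hit


def summarize_ports(text, acl="dmz_in"):
    """Total permitted hits per (protocol, destination port, destination host)
    for the ACL that carries the catch-all 'permit ip any any log' entry."""
    counts = Counter()
    for hit in parse_acl_hits(text):
        if hit["acl"] == acl and hit["action"] == "permitted":
            counts[(hit["proto"], hit["dport"], hit["dst"])] += hit["hits"]
    return counts


def suggest_acl(counts, acl="dmz_in", src="any"):
    """Render one specific permit per observed tuple (busiest first), then the
    catch-all log line that stays last until it no longer records any hits."""
    lines = []
    for (proto, port, dst), _ in counts.most_common():
        if proto in ("tcp", "udp"):
            lines.append(f"access-list {acl} permit {proto} {src} host {dst} eq {port}")
        else:  # e.g. icmp: no port qualifier
            lines.append(f"access-list {acl} permit {proto} {src} host {dst}")
    lines.append(f"access-list {acl} permit ip any any log")
    return lines
```

Run `summarize_ports(SAMPLE_LOG)` over a day or two of real syslog output instead of the constructed lines, and review the suggested entries before applying them; a rule the script proposes is only as good as the traffic that was logged.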

whiteford Thu, 03/01/2007 - 00:28

For the logging, where would I point it to? I am using ASDM?

Jon Marshall Thu, 03/01/2007 - 01:02

Hi

You would need a syslog server to point the traffic to. Do you have one of these?

Jon
