Prevent Stealth Scans

Unanswered Question
Apr 2nd, 2007

What is the best defense against stealth scans of the network? I know this is a vague and open question.

How do you prevent this when a signature detects a single TCP packet, with none of the control bits (SYN, FIN, ACK, PSH, URG or RST) set, being sent to a specific host?

David White Mon, 04/02/2007 - 08:55
User Badges:
  • Cisco Employee


I'm not sure we are totally following your question. Are you asking specifically about the PIX/ASA/FWSM, or a more generic question relating to IPS/IDS?



mhellman Mon, 04/02/2007 - 09:12
User Badges:
  • Blue, 1500 points or more

The Pix will drop null packets. Any firewall should.

David White Mon, 04/02/2007 - 09:12
User Badges:
  • Cisco Employee

The PIX will silently drop these packets (i.e. no syslog is generated). In 7.x, many of these will get counted in the "show asp drop" output, but again, no syslog is generated.
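Since the firewall drops these packets without logging, the only way to see the probe is to inspect the flags yourself upstream (a span port, a packet capture, an IDS). The following is an added example, not code from this thread or from Cisco: it parses the flags byte of a raw TCP header and labels flag combinations that no legitimate TCP state produces, covering the null packet from the question plus the related FIN-only, Xmas and SYN+FIN cases. The sample segments are constructed inline; the function names are assumptions.

```python
import struct
from typing import Optional

# Bit positions of the six classic TCP control flags in the flags byte (RFC 793 layout).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_flags(segment: bytes) -> dict:
    """Return ports and the set of control flags from a raw TCP header (no IP header)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    flag_bits = off_flags & 0x003F  # low six bits: URG ACK PSH RST SYN FIN
    flags = {name for name, bit in TCP_FLAGS.items() if flag_bits & bit}
    return {"sport": sport, "dport": dport, "flags": flags}


def classify_probe(flags: set) -> Optional[str]:
    """Label flag combinations that a real TCP stack never emits; None means unremarkable."""
    if not flags:
        return "null-scan"  # no control bits at all, the case the question describes
    if flags == {"FIN"}:
        return "fin-scan"  # a bare FIN never occurs outside an ACK-carrying stream
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas-scan"
    if "SYN" in flags and "FIN" in flags:
        return "syn-fin"  # mutually exclusive flags on one segment
    return None


def detect_probes(segments) -> list:
    """Run the classifier over raw TCP headers; return (dport, label) for each suspicious one."""
    alerts = []
    for seg in segments:
        hdr = parse_tcp_flags(seg)
        label = classify_probe(hdr["flags"])
        if label is not None:
            alerts.append((hdr["dport"], label))
    return alerts


def build_segment(sport: int, dport: int, flags) -> bytes:
    """Construct a minimal 20-byte TCP header (data offset 5) with the given flags, for testing."""
    off_flags = (5 << 12) | sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, off_flags, 8192, 0, 0)


if __name__ == "__main__":
    # Constructed sample traffic: a normal SYN, a null probe, an Xmas probe.
    sample = [build_segment(40001, 80, ["SYN"]), build_segment(40002, 22, []),
              build_segment(40003, 443, ["FIN", "PSH", "URG"])]
    print(detect_probes(sample))  # [(22, 'null-scan'), (443, 'xmas-scan')]
```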


