Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
457
Views
0
Helpful
4
Replies

Prevent Stealth Scans

cplatt01
Level 1
Level 1

‎04-02-2007 05:21 AM - edited ‎03-11-2019 02:54 AM

What is the best defense against stealth scans of the network? I know this is a vague and open question.

How do you prevent when signature detects a single TCP packet with none of the control bits, i.e. SYN, FIN, ACK, PSH, URG or RST flags set being sent to a specific host.

Labels:
0 Helpful
4 Replies 4

David White
Cisco Employee
Cisco Employee

‎04-02-2007 08:55 AM

Hi,

I'm not sure we are totally following your question. Are you asking specificly to the PIX/ASA/FWSM or a more generic question relating to IPS/IDS?

Sincerely,

David.

0 Helpful

cplatt01
Level 1
Level 1
In response to David White

‎04-02-2007 08:57 AM

More for the PIX.

0 Helpful

mhellman
Level 7
Level 7
In response to cplatt01

‎04-02-2007 09:12 AM

The Pix will drop null packets. Any firewall should.

0 Helpful

David White
Cisco Employee
Cisco Employee
In response to cplatt01

‎04-02-2007 09:12 AM

The PIX will silently drop these packets (ie: no syslog generated). In 7.x, many of these will get counted in the "show asp drop" output, but again, no syslog generated.

David.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card