04-02-2007 05:21 AM - edited 03-11-2019 02:54 AM
What is the best defense against stealth scans of the network? I know this is a vague and open question.
How do you prevent it when a signature detects a single TCP packet with none of the control bits (i.e. the SYN, FIN, ACK, PSH, URG or RST flags) set being sent to a specific host?
04-02-2007 08:55 AM
Hi,
I'm not sure we are totally following your question. Are you asking specifically about the PIX/ASA/FWSM, or is this a more generic question relating to IPS/IDS?
Sincerely,
David.
04-02-2007 08:57 AM
More for the PIX.
04-02-2007 09:12 AM
The Pix will drop null packets. Any firewall should.
04-02-2007 09:12 AM
The PIX will silently drop these packets (i.e. no syslog generated). In 7.x, many of these will get counted in the "show asp drop" output, but again, no syslog generated.
David.
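The detection the original question describes (a TCP segment with none of the six control bits set), as an added example that is not from this thread or from Cisco: a small Python classifier that reads the flags byte of a raw TCP header, reports which control bits are present, and counts flagless probes per destination host. The packets are constructed inline for the demonstration.

```python
import struct
from collections import Counter

# Bit positions of the six TCP control flags named in the question (RFC 793).
# ECE/CWR (0x40/0x80) are deliberately left out of the mask so the check
# matches the signature as stated: none of SYN/FIN/ACK/PSH/URG/RST set.
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
                 "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
CONTROL_MASK = 0x3F


def tcp_flags(segment):
    """Return the flags byte of a raw TCP segment (minimum 20-byte header)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # Byte 12 carries the data offset; byte 13 carries the eight flag bits.
    return segment[13]


def flag_names(flags):
    """Names of the control bits set in a flags byte, in bit order."""
    return [name for name, bit in TCP_FLAG_BITS.items() if flags & bit]


def is_null_segment(segment):
    """True when none of the six control bits is set (a 'NULL' probe)."""
    return (tcp_flags(segment) & CONTROL_MASK) == 0


def build_tcp_header(src_port, dst_port, flags, seq=0, ack=0):
    """Constructed 20-byte TCP header for sample input (checksum left as 0)."""
    data_offset = 5 << 4  # five 32-bit words, no options
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, flags, 1024, 0, 0)


def count_null_probes(packets):
    """packets: iterable of (src_ip, dst_ip, tcp_header_bytes).
    Returns {dst_ip: count} of segments with no control bits set."""
    hits = Counter()
    for _src, dst, seg in packets:
        if is_null_segment(seg):
            hits[dst] += 1
    return dict(hits)


# Constructed sample: a normal SYN, two flagless probes to 10.0.0.5, one ACK.
SAMPLE = [
    ("192.0.2.10", "10.0.0.5", build_tcp_header(40000, 80, TCP_FLAG_BITS["SYN"])),
    ("192.0.2.10", "10.0.0.5", build_tcp_header(40001, 443, 0x00)),
    ("192.0.2.10", "10.0.0.5", build_tcp_header(40002, 22, 0x00)),
    ("192.0.2.11", "10.0.0.6", build_tcp_header(40003, 25, TCP_FLAG_BITS["ACK"])),
]

if __name__ == "__main__":
    for src, dst, seg in SAMPLE:
        print(f"{src} -> {dst}: flags={flag_names(tcp_flags(seg)) or ['NONE']}")
    print("null probes per host:", count_null_probes(SAMPLE))
```

Because the PIX drops such segments without a syslog entry, a classifier like this is only useful on traffic captured in front of the firewall or pulled from an IDS sensor; behind the firewall there is nothing left to see.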