IPS is not detecting NMAP Inverse Scans and OS Guessing attempts

Unanswered Question
Jan 18th, 2010
User Badges:

Mates,


we have an Cisco ASA with an SSM-20 Module running in our network. I tried to test the IPS module with a NMAP version 5.

It detects TCP connects scan and SYN scans. FIN, NULL and XMAS tree Scans as well as OS Guessing attempts are not detected.


Any ideas?


Cheers


Alex

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Sun, 02/07/2010 - 10:26
User Badges:
  • Red, 2250 points or more

Some of those scans are designed to evade detection devices, however are you running the latest signature on your AIP?


Regards

Farrukh

Farrukh Haroon Wed, 02/10/2010 - 10:57
User Badges:
  • Red, 2250 points or more

Yes this is true, not all NMAP scan types are detected by the Cisco IPS. I've seen it on our network too.


Regards


Farrukh

Actions

This Discussion