×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

TCP Syn Host sweep from Pix pool addresses

Unanswered Question
Aug 16th, 2002
User Badges:

I am recieving 3030 TCP SYN Host sweep alarms on my IDS4210 v3.1-2-S29 originating from several of my outside addresses. The pix detects no connections are being nated to those address from inside and my internal sensor picks up no sweep signatures. Is it possible to spoof my addresses to perform Sweeps? or am I recieving false alarms.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
p.krane Mon, 08/26/2002 - 08:34
User Badges:

It's probably real sweeps on your address range based on the traffic that is coming out of the PIX (spoofing making assumptions). It couldn't hurt to sniff the outside wire to see what's really going on there. Have you talked to your Cisco tac rep yet?

Actions

This Discussion