Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
563
Views
4
Helpful
3
Replies

CSA throws portscan alert

piltze
Level 1
Level 1

‎12-19-2005 06:34 AM - edited ‎03-10-2019 01:48 AM

Good morning,

I'm getting an Alert in CSA, generated by Rule 18, stating that "A portscan was detected Reason: ICMP unreachable. ICMP: 10.64.100.101 -> 10.65.110.118 type destination_unreachable/03.

The target address (.118) is a voice gateway on a 6509. I dont see any reason for this to occur. Thoughts?

Labels:
0 Helpful
3 Replies 3

tsteger1
Level 8
Level 8

‎12-19-2005 11:41 AM

You didn't mention what version of CSA you are running and there are different options for each.

You may want to turn off the ICMP deny logging or add your voice gateway to the authorized port scanners. Portscan logging is a different matter and it depends on which version you have.

piltze
Level 1
Level 1
In response to tsteger1

‎12-22-2005 11:46 AM

Hi, Sorry. It's version 4.5.

0 Helpful

tsteger1
Level 8
Level 8
In response to piltze

‎12-22-2005 01:05 PM

OK, then make sure you are using the Internal IP Stack hardening module and add your voice gateway to the Authorized Port Scanners network address set. You also may want to exclude the gateway from the host addresses that are scanned by those rules.

That may do the trick.

Tom

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card