12-19-2005 06:34 AM - edited 03-10-2019 01:48 AM
Good morning,
I'm getting an Alert in CSA, generated by Rule 18, stating that "A portscan was detected Reason: ICMP unreachable. ICMP: 10.64.100.101 -> 10.65.110.118 type destination_unreachable/03.
The target address (.118) is a voice gateway on a 6509. I dont see any reason for this to occur. Thoughts?
12-19-2005 11:41 AM
You didn't mention what version of CSA you are running and there are different options for each.
You may want to turn off the ICMP deny logging or add your voice gateway to the authorized port scanners. Portscan logging is a different matter and it depends on which version you have.
12-22-2005 11:46 AM
Hi, Sorry. It's version 4.5.
12-22-2005 01:05 PM
OK, then make sure you are using the Internal IP Stack hardening module and add your voice gateway to the Authorized Port Scanners network address set. You also may want to exclude the gateway from the host addresses that are scanned by those rules.
That may do the trick.
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: