Cisco Support Community

New Member

Prevent Stealth Scans

What is the best defense against stealth scans of the network? I know this is a vague and open question.

How do you prevent it when a signature detects a single TCP packet with none of the control bits (i.e. the SYN, FIN, ACK, PSH, URG or RST flags) set being sent to a specific host?

4 REPLIES
Silver

Re: Prevent Stealth Scans

Hi,

I'm not sure we are totally following your question. Are you asking specifically about the PIX/ASA/FWSM, or is it a more generic question relating to IPS/IDS?

Sincerely,

David.

New Member

Re: Prevent Stealth Scans

More for the PIX.

Gold

Re: Prevent Stealth Scans

The Pix will drop null packets. Any firewall should.

Silver

Re: Prevent Stealth Scans

The PIX will silently drop these packets (i.e. no syslog is generated). In 7.x, many of these will get counted in the "show asp drop" output, but again, no syslog is generated.

David.

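Since the replies say the firewall drops these packets without a syslog, one way to see who is sending them is to inspect captured traffic. The following is an added example, not part of the original thread and not Cisco code: it parses raw IPv4 packets and reports sources that sent TCP segments with none of the six control bits set. The `build` helper and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

CONTROL_BITS = 0x3F  # URG, ACK, PSH, RST, SYN, FIN: the six flags named in the question

def parse_tcp(packet):
    """Return (src, dst, dport, flags) for a first-fragment IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 6 or frag != 0 or len(packet) < ihl + 14:
        return None  # not TCP, a later fragment, or truncated before the flags byte
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, dst, dport, packet[ihl + 13] & CONTROL_BITS

def null_packet_report(packets):
    """Map each source address to the set of (dst, dport) it sent flagless TCP packets to."""
    hits = defaultdict(set)
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed and parsed[3] == 0:
            src, dst, dport, _ = parsed
            hits[src].add((dst, dport))
    return dict(hits)

def build(src, dst, dport, flags):
    """Construct a minimal IPv4+TCP packet (checksums left zero) for the sample data."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    build("192.0.2.10", "198.51.100.5", 22, 0x00),   # null packet
    build("192.0.2.10", "198.51.100.5", 80, 0x00),   # null packet
    build("192.0.2.20", "198.51.100.5", 443, 0x02),  # ordinary SYN
    build("192.0.2.30", "198.51.100.5", 25, 0x10),   # ordinary ACK
]

if __name__ == "__main__":
    for src, targets in null_packet_report(SAMPLE).items():
        print(src, sorted(targets))
```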