
Finding Port Sniffing

netsec123
Level 1

Hi. We have an NM-CIDS in a 3845.

We have a specific issue we need to address on our network and we believe the IPS can help.

We are receiving complaints from our ISP that malicious activity (port scanning) is coming from our network. We need the IPS to check traffic both in and out of our network.

Although working with Cisco a long time [ten years], the module is new to me. Is this objective even possible to isolate?

Thanks!!!

2 Replies

ssoberlik
Level 4

Cisco CallManager Administration supports the following Cisco IOS MGCP gateways with configurable settings for Packet Capture Mode and Packet Capture Duration on a per-port basis in the Gateway Configuration window of 38XX series including 3825 and 3845.

rhermes
Level 7

Sure, port scan detection is a common signature in just about all releases of the IDS/IPS signatures. If you want to get creative, you can even cook up a custom sig to look for port scans by copying one of the existing signature parameters.

To get you started, here is the hardware installation (in case you haven't done this yet):

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fcfb.html

Next do the router config of the NM-CIDS:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/clinmcid.htm

And finally you need to run the IDS/IPS setup (works like a router's setup program). Then you should be able to talk to the sensor via the Web GUI to finish the sensor config, tune your signatures, see your events, etc.
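
Added example, not part of the replies above and not Cisco's signature engine: a Python sketch of the threshold logic a port-scan check applies, run over constructed TCP SYN records to pick out which internal host is scanning outward. The 10.0.0.0/8 internal range, the 60-second window and the 15-port threshold are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
WINDOW = 60                          # seconds (assumed)
PORT_THRESHOLD = 15                  # distinct dst ports per (src, dst) pair (assumed)


def build_sample():
    """Constructed TCP SYN records: (timestamp_s, src_ip, dst_ip, dst_port)."""
    events = []
    for i in range(20):   # fast scan: 20 ports on one external host in 20 s
        events.append((100 + i, "10.1.1.50", "203.0.113.7", 20 + i))
    for i in range(30):   # ordinary browsing: one port, a handful of hosts
        events.append((100 + i * 2, "10.1.1.20", f"198.51.100.{i % 5 + 1}", 443))
    for i in range(20):   # slow probe: one port every 100 s, under the window
        events.append((100 + i * 100, "10.1.1.30", "203.0.113.9", 1000 + i))
    for i in range(20):   # inbound scan: skipped by the outbound filter
        events.append((100 + i, "192.0.2.99", "10.1.1.5", 1 + i))
    return sorted(events)


def find_outbound_scanners(events, internal=INTERNAL, window=WINDOW,
                           threshold=PORT_THRESHOLD):
    """Return {(src, dst): peak distinct ports in any window} for internal
    sources that reach the threshold against an external destination."""
    recent = defaultdict(list)   # (src, dst) -> [(ts, port)] still in window
    hits = {}
    for ts, src, dst, port in events:   # events must be in time order
        if ip_address(src) not in internal or ip_address(dst) in internal:
            continue                    # keep internal -> external only
        key = (src, dst)
        recent[key] = [(t, p) for t, p in recent[key] if ts - t < window]
        recent[key].append((ts, port))
        distinct = len({p for _, p in recent[key]})
        if distinct >= threshold:
            hits[key] = max(hits.get(key, 0), distinct)
    return hits


if __name__ == "__main__":
    for (src, dst), ports in find_outbound_scanners(build_sample()).items():
        print(f"{src} -> {dst}: {ports} distinct ports within {WINDOW}s")
```

The slow probe from 10.1.1.30 stays under the threshold, which is the trade-off to keep in mind when tuning a scan signature's window and port count.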
