New Member

Finding Port Sniffing

Hi. We have an NM-CIDS in a 3845.

We have a specific issue we need to address on our network and we believe the IPS can help.

We are receiving complaints from our ISP that malicious activity (port scanning) is coming from our network. We need the IPS to check traffic both in and out of our network.

Although working with Cisco a long time [ten years], the module is new to me. Is this objective even possible to isolate?

Thanks!!!

2 REPLIES
Bronze

Re: Finding Port Sniffing

Cisco CallManager Administration supports the following Cisco IOS MGCP gateways with configurable settings for Packet Capture Mode and Packet Capture Duration on a per-port basis in the Gateway Configuration window of 38XX series including 3825 and 3845.

Gold

Re: Finding Port Sniffing

Sure, port scanning detection is a common signature in just about all releases of the IDS/IPS signatures. If you want to get creative, you can even cook up a custom sig to look for port scans by copying one of the existing signature parameters.

To get you started, here is the hardware installation (in case you haven't done this yet):

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_installation_guide_chapter09186a008055fcfb.html

Next do the router config of the NM-CIDS:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids12/cliguide/clinmcid.htm

And finally you need to run the IDS/IPS setup (works like a router's setup program). Then you should be able to talk to the sensor via the Web GUI to finish the sensor config, tune your signatures, see your events, etc.
