Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1722
Views
0
Helpful
3
Replies

IPS is not detecting NMAP Inverse Scans and OS Guessing attempts

alex.dersch
Level 4
Level 4

‎01-18-2010 07:27 AM - edited ‎03-10-2019 04:51 AM

Mates,

we have an Cisco ASA with an SSM-20 Module running in our network. I tried to test the IPS module with a NMAP version 5.

It detects TCP connects scan and SYN scans. FIN, NULL and XMAS tree Scans as well as OS Guessing attempts are not detected.

Any ideas?

Cheers

Alex

Labels:
0 Helpful
3 Replies 3

Farrukh Haroon
VIP Alumni
VIP Alumni

‎02-07-2010 10:26 AM

Some of those scans are designed to evade detection devices, however are you running the latest signature on your AIP?

Regards

Farrukh

0 Helpful

alex.dersch
Level 4
Level 4
In response to Farrukh Haroon

‎02-10-2010 07:48 AM

Hello Farrukh,

thanks for your reply, yes the ips gets its update by an automated update procedure. You think its normal that the IPS is not detecting OS guessing attempts? But for what is then the Signature NMAP OS Fingerprint good.

https://intellishield.cisco.com/security/alertmanager/ipsSignature?signatureId=3046&signatureSubId=0

Cheers

Alex

0 Helpful

Farrukh Haroon
VIP Alumni
VIP Alumni
In response to alex.dersch

‎02-10-2010 10:57 AM

Yes this is true, not all NMAP scan types are detected by the Cisco IPS. I've seen it on our network too.

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card