Cisco Support Community
New Member

Port Scanning - Very urgent

Please, how can I stop anyone from doing a port scan on our network, and also flag it up if they were to attempt this?

Thanks

3 REPLIES
New Member

Re: Port Scanning - Very urgent

IDS would help but usually has to be placed in-line with the traffic.

New Member

Re: Port Scanning - Very urgent

If your router has a firewall, it is possible to stop scanning of the ports. If not, with an access list it is not possible to stop it.

New Member

Re: Port Scanning - Very urgent

One method to secure the local VLAN when one host attempts to scan another within its own VLAN or subnet is a private VLAN configuration, and it will be denied. When the port scanner attempts to traverse a router to another subnet, an ACL can be used under the premise that workstations don't do peer-to-peer: workstations talk to servers, not other workstations, so a properly designed ACL can block and log workstations attempting to contact other workstations on differing subnets and deny the activity.

Places to start your research:

http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080094830.shtml

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

Brian
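Added example, not part of the thread or any poster's reply: one way to turn the "block and log" ACL approach from the last reply into a flag for scanning, by counting distinct denied destinations per source in the router's syslog. The log lines are constructed in the IOS `%SEC-6-IPACCESSLOGP` format; the ACL name `WKSTN-IN`, the addresses, the timestamp layout, the thresholds and the function name `find_scanners` are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the IOS %SEC-6-IPACCESSLOGP format; ACL name and IPs are made up.
SAMPLE_LOG = """\
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51234) -> 10.1.30.7(21), 1 packet
Mar  1 10:00:01: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51235) -> 10.1.30.7(22), 1 packet
Mar  1 10:00:02: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51236) -> 10.1.30.7(23), 1 packet
Mar  1 10:00:02: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51237) -> 10.1.30.7(80), 1 packet
Mar  1 10:00:03: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51238) -> 10.1.30.8(445), 1 packet
Mar  1 10:00:04: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.15(51239) -> 10.1.30.9(445), 1 packet
Mar  1 10:00:05: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.22(49800) -> 10.1.30.9(445), 1 packet
Mar  1 10:00:09: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied tcp 10.1.20.22(49801) -> 10.1.30.9(445), 1 packet
Mar  1 10:01:00: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied udp 10.1.20.30(5353) -> 10.1.30.4(161), 1 packet
Mar  1 10:06:00: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied udp 10.1.20.30(5353) -> 10.1.30.5(161), 1 packet
Mar  1 10:11:00: %SEC-6-IPACCESSLOGP: list WKSTN-IN denied udp 10.1.20.30(5353) -> 10.1.30.6(161), 1 packet
""".splitlines()

LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d).*?%SEC-6-IPACCESSLOGP: list \S+ denied "
    r"(?:tcp|udp) (?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def find_scanners(lines, min_targets=5, window=timedelta(seconds=60)):
    """Return {src: peak distinct denied (dst, port) pairs in any window} for sources >= min_targets."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # the log line carries no year; a fixed one is assumed for parsing
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            events[m["src"]].append((ts, (m["dst"], int(m["dport"]))))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        # Slide a window from each event and count the distinct targets it covers.
        peak = max(len({t for ts, t in evs[i:] if ts - start <= window})
                   for i, (start, _) in enumerate(evs))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {n} distinct denied targets within 60s")
```

IOS rate-limits and aggregates ACL log messages, so the counts are a lower bound on what a source actually attempted; a repeated retry to one destination (10.1.20.22 above) and slow, spread-out denials (10.1.20.30) stay below the default threshold.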