Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Best way to check internet scans or unsuccessful attempts

What is the best way? I am talking about a plain access router with ACLs or CBAC firewall. I want to see which ports are being tried from the outside interface. No log servers or something similar.

So, something with 'debug' or 'show' commands maybe?

  • Other Security Subjects
3 REPLIES
New Member

Re: Best way to check internet scans or unsuccessful attempts

Creating access-lists that deny ICMP or IP based port specific packets is the only way, and then review the log. Otherwise, your talking about an external IDS device on the outside segment of you router.

New Member

Re: Best way to check internet scans or unsuccessful attempts

Got it. Now, I know I can send the log data to the terminal window, or to a syslog server. Is there something else? And what is a syslog server? Is there a Microsoft product that supports this?

Re: Best way to check internet scans or unsuccessful attempts

A syslog server is an application that accept logging from devices in your network. I don't know there is a MS Syslog server.

There is a syslog server available from Cisco. The KIWI syslog server is also well known. For testing purposes I use the 3CDaemon syslog server.

Kind Regards,

Tom

104
Views
0
Helpful
3
Replies