
New Member

PIX IDS Signatures

Does anyone know the PIX IDS signatures to block Ping sweeps and Port scans?

Do IDS signatures override ACLs previously set? For example, I want to allow people to ping me (I've allowed icmp echo in my ACL), but I want to drop Ping Sweeps and Port Scans.

Thanks.

Accepted Solution

Cisco Employee

Re: PIX IDS Signatures

The PIX IDS signatures are all listed here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/syslog/pixemsgs.htm#1032267

You'll notice that there aren't sigs for port scans and ping sweeps, primarily because the PIX doesn't detect these. This would involve the PIX keeping track of all pings or connection attempts and trying to figure out if a sweep is going on; this is not what the PIX is designed for.

If you want to see these, then a NIDS system is the best way to go. PIX IDS is very limited and only looks for a very small subset of signatures, and most of those signatures just involve one packet, not trying to piece together multiple packets to different hosts or ports.
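The multi-packet correlation the reply describes (tracking pings and connection attempts per source over time, rather than matching one packet against a signature) is what a NIDS does and the PIX IDS does not. The following is an added example, not Cisco or PIX code: a sliding-window detector over constructed flow records that raises a ping-sweep alert when one source reaches many distinct hosts with ICMP echo inside a time window, and a port-scan alert when one source touches many distinct ports on one host. The record format, the 10-second window and the thresholds are assumptions for illustration. It also shows the answer to the ACL question in the original post: a single allowed echo to one host produces no alert, only the many-host pattern does.

```python
"""Sliding-window sweep/scan correlation over constructed flow records.

Added example, not Cisco/PIX code. The Packet record, window and thresholds
are assumptions; a real NIDS would consume decoded packets or NetFlow instead.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float                  # seconds since capture start
    src: str
    dst: str
    proto: str                 # "icmp" (echo request) or "tcp" (SYN)
    dport: Optional[int] = None


def detect_sweeps_and_scans(packets, window=10.0, host_threshold=8, port_threshold=10):
    """Return alerts found by correlating packets per source within `window` seconds.

    Alerts are tuples: ("ping_sweep", src, distinct_hosts) or
    ("port_scan", src, dst, distinct_ports). Each (type, src[, dst]) fires once.
    """
    by_src = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        by_src[p.src].append(p)

    alerts: List[Tuple] = []
    for src, pkts in by_src.items():
        recent = deque()          # packets from this source inside the window
        fired = set()             # alerts already raised for this source
        for p in pkts:
            recent.append(p)
            # Slide the window: drop packets older than window seconds before p.
            while recent and recent[0].ts < p.ts - window:
                recent.popleft()

            # Ping sweep: many distinct destination hosts probed by ICMP echo.
            icmp_hosts = {q.dst for q in recent if q.proto == "icmp"}
            if len(icmp_hosts) >= host_threshold and ("ping_sweep", src) not in fired:
                fired.add(("ping_sweep", src))
                alerts.append(("ping_sweep", src, len(icmp_hosts)))

            # Port scan: many distinct TCP ports tried on the same destination.
            ports_per_dst = defaultdict(set)
            for q in recent:
                if q.proto == "tcp" and q.dport is not None:
                    ports_per_dst[q.dst].add(q.dport)
            for dst, ports in ports_per_dst.items():
                key = ("port_scan", src, dst)
                if len(ports) >= port_threshold and key not in fired:
                    fired.add(key)
                    alerts.append(("port_scan", src, dst, len(ports)))
    return alerts


# Constructed sample traffic (not real captures):
SAMPLE_PACKETS = (
    # Benign: one echo request to one host, the case an ACL permitting icmp echo allows.
    [Packet(0.0, "10.0.0.9", "10.1.1.1", "icmp")]
    # Ping sweep: 12 distinct hosts probed within 3 seconds.
    + [Packet(1.0 + 0.25 * i, "10.0.0.5", f"10.1.1.{i + 1}", "icmp") for i in range(12)]
    # Port scan: 16 distinct ports on one host within 4 seconds.
    + [Packet(5.0 + 0.25 * i, "10.0.0.7", "10.1.1.50", "tcp", 20 + i) for i in range(16)]
    # Slow pings: 3 hosts spread over 60 seconds, never enough inside one window.
    + [Packet(100.0 + 30.0 * i, "10.0.0.9", f"10.1.2.{i + 1}", "icmp") for i in range(3)]
)


if __name__ == "__main__":
    for alert in detect_sweeps_and_scans(SAMPLE_PACKETS):
        print(alert)
```

The sweep alert fires as soon as the eighth distinct host is seen and the scan alert at the tenth distinct port, which is why the reported counts equal the thresholds rather than the full 12 hosts or 16 ports; the slow, spread-out pings from 10.0.0.9 never accumulate inside one window and stay silent, illustrating why window size and thresholds are the tuning knobs on this kind of detector.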

