
Port scanning- dumb question

davinder
Level 1

How can I tell that a scan is going on...

1 Reply

steve.barlow
Level 7

One method is by looking at your logs (on your syslog server reporting events on your access-lists) to see a large volume of packets on different ports getting blocked (same source). This is a difficult and manual method, and one that relies on your access-lists to block it and log it.

A better method is using an IDS (Intrusion Detection System), either network (Cisco IDS 4200 Series) or host-based (Cisco's is called Entercept), that will report this to you in a proactive manner. IDS sensors analyze traffic in real time, enabling users to quickly respond to security breaches. They can also be used to block attacks. They compare packets/events to a list of signatures that identify what the event actually is.

Hope it helps.

Steve
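
The manual log review described in the reply above can be scripted. This is an added example, not part of the original thread: it assumes the syslog server stores IOS extended-ACL deny messages (`%SEC-6-IPACCESSLOGP`), and the function name `find_scanners`, the threshold of 5 and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# IOS extended-ACL log message for a denied TCP/UDP packet, e.g.
# %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4312) -> 10.0.0.5(23), 1 packet
ACL_DENY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\(\d+\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), \d+ packet"
)

def find_scanners(lines, min_ports=5):
    """Return {source_ip: sorted [(dst_ip, proto, dst_port), ...]} for every
    source denied on at least min_ports distinct destination endpoints.
    min_ports is an assumed threshold; tune it to your own traffic."""
    seen = defaultdict(set)
    for line in lines:
        m = ACL_DENY.search(line)
        if m:  # lines that are not ACL denies are skipped
            seen[m["src"]].add((m["dst"], m["proto"], int(m["dport"])))
    return {src: sorted(t) for src, t in seen.items() if len(t) >= min_ports}

# Constructed sample: one source blocked on six different ports of one host,
# one source blocked repeatedly on a single port, and one unrelated message.
SAMPLE_LOG = [
    f"Mar  1 10:00:0{i} fw1 10{i}: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    f"198.51.100.7(40000) -> 10.0.0.5({port}), 1 packet"
    for i, port in enumerate([21, 22, 23, 25, 80, 443])
] + [
    "Mar  1 10:00:07 fw1 107: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "203.0.113.9(51515) -> 10.0.0.8(445), 3 packets",
    "Mar  1 10:00:08 fw1 108: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "203.0.113.9(51516) -> 10.0.0.8(445), 1 packet",
    "Mar  1 10:00:09 fw1 109: %LINK-3-UPDOWN: Interface Fa0/1, changed state to up",
]

if __name__ == "__main__":
    for src, targets in find_scanners(SAMPLE_LOG).items():
        ports = sorted({p for _, _, p in targets})
        print(f"{src}: denied on {len(targets)} distinct endpoints, ports {ports}")
```

Counting distinct (destination, protocol, port) tuples flags both one host probed on many ports and one port probed across many hosts. As the reply notes, this only sees what the access-lists block and log.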