Port scanning- dumb question

How can I tell that a scan is going on...

1 REPLY

Re: Port scanning- dumb question

One method is by looking at your logs (on your syslog server reporting events on your access-lists) to see a large volume of packets on different ports getting blocked (same source). This is a difficult and manual method, and one that relies on your access-lists to block it and log it.

A better method is using an IDS (Intrusion Detection System), either network (Cisco IDS 4200 Series) or host-based (Cisco's is called Entercept), that will report this to you in a proactive manner. IDS sensors analyze traffic in real time, enabling users to quickly respond to security breaches. They can also be used to block attacks. They compare packets/events to a list of signatures that identify what the event actually is.

Hope it helps.

Steve
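
The log-based method from the reply above, sketched as an added example that is not part of the original post: it counts distinct denied destination ports per source address in access-list deny messages collected on a syslog server. It assumes the IOS `%SEC-6-IPACCESSLOGP` message format for logged TCP/UDP denies; the function names, the threshold of 10 ports and the sample lines are constructed for illustration, and the whole input is treated as one time window.

```python
import re
from collections import defaultdict

# IOS access-list log message for a denied TCP/UDP packet, e.g.
# %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.7(40020) -> 192.0.2.10(20), 1 packet
ACL_DENY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\)"
)

def find_scanners(lines, min_ports=10):
    """Return {source_ip: {"ports": n, "hosts": n}} for every source that was
    denied on at least min_ports distinct destination ports (assumed threshold)."""
    ports = defaultdict(set)  # source IP -> distinct (protocol, destination port)
    hosts = defaultdict(set)  # source IP -> distinct destination hosts
    for line in lines:
        m = ACL_DENY.search(line)
        if not m:
            continue  # not an ACL deny message (permits, link events, ...)
        ports[m["src"]].add((m["proto"], int(m["dport"])))
        hosts[m["src"]].add(m["dst"])
    return {
        src: {"ports": len(p), "hosts": len(hosts[src])}
        for src, p in ports.items()
        if len(p) >= min_ports
    }

def sample_log():
    """Constructed sample: one source walking ports 20-34 on a single host,
    one source retrying a single blocked port 40 times, one unrelated message."""
    prefix = "Mar  1 10:00:00 rtr1 123: %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    lines = [
        f"{prefix}203.0.113.7({40000 + p}) -> 192.0.2.10({p}), 1 packet"
        for p in range(20, 35)
    ]
    lines += [f"{prefix}198.51.100.20(51515) -> 192.0.2.10(445), 1 packet"] * 40
    lines.append("Mar  1 10:00:05 rtr1 124: %LINK-3-UPDOWN: Interface "
                 "FastEthernet0/1, changed state to up")
    return lines

if __name__ == "__main__":
    for src, stats in find_scanners(sample_log()).items():
        print(f"possible scan from {src}: {stats['ports']} distinct ports "
              f"denied across {stats['hosts']} host(s)")
```

The source that retries one blocked port 40 times is not flagged: the signal is the number of different ports per source, not the raw count of denied packets.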
