Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
905
Views
0
Helpful
1
Replies

TCP Syn Host sweep from Pix pool addresses

community
Level 1
Level 1

‎08-16-2002 12:02 PM - edited ‎02-20-2020 10:12 PM

I am recieving 3030 TCP SYN Host sweep alarms on my IDS4210 v3.1-2-S29 originating from several of my outside addresses. The pix detects no connections are being nated to those address from inside and my internal sensor picks up no sweep signatures. Is it possible to spoof my addresses to perform Sweeps? or am I recieving false alarms.

0 Helpful
1 Reply 1

p.krane
Level 3
Level 3

‎08-26-2002 08:34 AM

It's probably real sweeps on your address range based on the traffic that is coming out of the PIX (spoofing making assumptions). It couldn't hurt to sniff the outside wire to see what's really going on there. Have you talked to your Cisco tac rep yet?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card