Should I change the default SSH port number?
15 years 10 months ago #29143
by skepticals
Replied by skepticals on topic Re: Should I change the default SSH port number?
Would an ASA 5505 be able to stop ping scans? If so, how? And, do I have to configure it to do so?
15 years 10 months ago #29154
by Chojin
Replied by Chojin on topic Re: Should I change the default SSH port number?
Would an ASA 5505 be able to stop ping scans? If so, how? And, do I have to configure it to do so?
You can ignore ICMP. This is most of the time enough to defend.
CCNA / CCNP / CCNA - Security / CCIP / Prince2 / Checkpoint CCSA
15 years 10 months ago #29194
by skepticals
Replied by skepticals on topic Re: Should I change the default SSH port number?
Sorry, I meant port scans, not Ping scans.
I was wondering how I could detect if someone port scanned a large range of ports...
15 years 10 months ago #29226
by Smurf
Replied by Smurf on topic Re: Should I change the default SSH port number?
Not sure to be honest. I know WatchGuard Firewalls detect port scans and automatically add the source address to a BlockedSitesList for 20 mins, which will start to drop all traffic (permitted and denied traffic).
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
15 years 10 months ago #29239
by S0lo
Replied by S0lo on topic Re: Should I change the default SSH port number?
Would an ASA 5505 be able to stop ping scans? If so, how? And, do I have to configure it to do so?
OK, I've never tried this before, so here is what I just learnt.
The new versions (8.x) of the ASA software image have Threat Detection features. This is a basic start:
[code:1]ASA(config)# threat-detection scanning-threat shun[/code:1]
The shun keyword tells the ASA to ban an IP/host when it reaches a certain threat limit. To set the duration of the shun for attacking hosts, enter this:
[code:1]ASA(config)# threat-detection scanning-threat shun duration <seconds>[/code:1]
Replace <seconds> with the duration you want attackers to be banned.
To view the hosts that are currently banned, enter the following:
[code:1]ASA# show threat-detection shun[/code:1]
I know you have a million questions by now, so do I. Try reading the section titled "Enabling Scanning Threat Detection" in the ASA 8.x configuration guide, chapter 23. www.cisco.com/en/US/docs/security/asa/as...n/guide/asa80cfg.pdf
By the way, by default the ASA will NOT allow traffic to flow from a lower security interface to a higher security interface. If your outside interface is at sec-level 0 and no other interface is at that level, then you're moderately safe from outsiders (by default, without configuring any threat detection), unless you have explicitly allowed such traffic via an access list.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
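A host-side illustration of the detection idea discussed in this thread (flag a source that is denied on many distinct ports within a short window, then block it for a fixed duration, as the WatchGuard BlockedSitesList and the ASA scanning-threat shun do), as an added example that is not from the forum posts, Cisco or WatchGuard. The syslog lines are constructed and modelled on the ASA 106023 "Deny" message; the threshold, window and 20-minute duration are assumptions, not the defaults of either product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines modelled on the ASA 106023 "Deny" message
# (not captured from a real device). One source probes 15 distinct ports in
# 15 seconds; another is denied 5 times on the same port and must not be flagged.
BASE = ('Mar 01 2024 10:00:{:02d} fw %ASA-4-106023: Deny tcp src outside:{}/{} '
        'dst inside:10.0.0.5/{} by access-group "OUTSIDE_IN"')
SAMPLE_LOG = [BASE.format(s, "198.51.100.7", 40000 + s, 21 + s) for s in range(15)]
SAMPLE_LOG += [BASE.format(s, "203.0.113.9", 51000 + s, 443) for s in range(0, 50, 10)]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) .*%ASA-4-106023: Deny \w+ "
    r"src \w+:(?P<src>[\d.]+)/\d+ dst \w+:[\d.]+/(?P<dport>\d+)"
)

def parse(line):
    """Return (timestamp, source ip, destination port), or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S")
    return ts, m["src"], int(m["dport"])

def detect_scanners(lines, threshold=10, window=timedelta(seconds=60),
                    shun_duration=timedelta(minutes=20)):
    """Flag a source once it is denied on `threshold` distinct ports within `window`.

    Returns {source_ip: shun_expiry}. Repeated hits on the same port count once,
    so a client retrying one blocked service is not mistaken for a scanner."""
    recent = defaultdict(deque)  # src -> (ts, dport) events still inside the window
    shuns = {}
    for ts, src, dport in sorted(filter(None, map(parse, lines))):
        q = recent[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > window:  # slide the window forward
            q.popleft()
        if src not in shuns and len({p for _, p in q}) >= threshold:
            shuns[src] = ts + shun_duration  # first crossing of the threshold starts the block
    return shuns

def is_shunned(shuns, src, at):
    """True while `src` is inside its block window (all its traffic would be dropped)."""
    return src in shuns and at < shuns[src]

if __name__ == "__main__":
    for src, until in detect_scanners(SAMPLE_LOG).items():
        print(f"shun {src} until {until:%H:%M:%S}")
```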
15 years 10 months ago #29240
by Smurf
Replied by Smurf on topic Re: Should I change the default SSH port number?
lol, I was looking for that last night and couldn't find it
well spotted
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.