Re: Pix ASA hide ports for portscan?
- From: Edwin <edwin@xxxxxxxxxxxxxxxxxxxx>
- Date: 30 May 2008 15:20:02 GMT
Uli Link <VonRechts.NachLinks@xxxxxxxxxxxxxxxxxxx> wrote in news:483fd23d$0
$27444$9b4e6d93@xxxxxxxxxxxxxxxxxxxxxxxxxxx:
Edwin schrieb:
Hi All,
I have configured a Pix ASA and opened some ports to dmz and inside for
e.g. mail, www and rdp.
Is it possible to have the pix hide these open ports from portscans
originated from outside? If so, how can it be done?
Can be done by ACL denying access to these ports or by shutting down the
WAN interface ;-) This is most probably not what you want.
If your PIX refuses to connect to the port the listener of the daemon of
DMZ' server will not be reachable anymore from the outside This is due
to the nature of tcp and not related to any special firewall.
I fully agree with you. something needs to respond to requests for a
certain port.
I was actually hoping that the Pix had some feature that deals with certain
characteristics of a portscan. Portscans are recognizeable in general...but
maybe not by a pix?
.
- References:
- Pix ASA hide ports for portscan?
- From: Edwin
- Re: Pix ASA hide ports for portscan?
- From: Uli Link
- Pix ASA hide ports for portscan?
- Prev by Date: Re: SSH username and password only option
- Next by Date: Re: Changing IPs
- Previous by thread: Re: Pix ASA hide ports for portscan?
- Next by thread: Wireless 1250 802.11n AP
- Index(es):
Relevant Pages
|
