Hi! I have a couple of question with regards to the security attack (for beginners like me!), if you suspect this will happen to you. Say you have a PIX with cisco router, your inbound traffic is very high and the PIX logs is filling up with lots of port scanning, connection drop, DoS attack, nimda and etc.. what would you do at first place? Any steps or procedure people practices?
As for my suggestion, if the logs show http attack (base on the destination port), I will intend to debug ip http traffic in the router, then probably ip icmp traffic. If by most of the traffic is inbound, I would immediately apply the access-list to filter all the inbound http traffic. Any suggestion? Regards, Ryan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=23336&t=23336 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
