From the course: Cisco Network Security: Intrusion Detection and Prevention
Sweep scan - Cisco Routers Tutorial
Sweep scan
- [Instructor] In a signature-based intrusion detection system, sweep engines monitor for the various signatures related to sweeps and scans. Scanning techniques can vary. In this demo, we'll take a look at a TCP scan and see the signature as if we were right in the intrusion detection system watching the traffic as it travels across the network. I'm at this webpage here at Cisco Security, which talks about threat information and, more specifically, intrusion prevention system signatures. Here we see TCP SYN Host Sweep. It talks a little bit about the ID, when it was released, and then down below a description. This signature fires when a series of TCP SYN packets have been sent from one single host to a number of different hosts. This could be, for example, an attempt to map the network. This is indicative that a reconnaissance sweep of your network may be in progress, and it says this may be the prelude to a more serious attack. Let's take a look. I am in Wireshark so we can see the…
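
The signature behavior described in the transcript above (a series of TCP SYN packets from one single host to a number of different hosts) can be sketched as detection logic. This is an added example, not code from the course or from Cisco; the function name, the thresholds (5 hosts in 10 seconds) and the packet records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Assumed thresholds for illustration only; not the Cisco signature's parameters.
UNIQUE_HOSTS = 5
WINDOW_SECONDS = 10.0

def detect_syn_host_sweeps(packets, unique_hosts=UNIQUE_HOSTS, window=WINDOW_SECONDS):
    """packets: iterable of (ts, src, dst, dport, tcp_flags).
    Returns one (ts, src, sorted_targets) alert per sweeping source."""
    recent = defaultdict(deque)  # src -> (ts, dst) of SYNs still inside the window
    alerted, alerts = set(), []
    for ts, src, dst, _dport, flags in sorted(packets):
        # Only connection-opening SYNs count; SYN-ACK replies are ignored.
        if not flags & SYN or flags & ACK:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()
        # A host sweep is about distinct destination hosts, not ports or packet count.
        targets = {d for _, d in q}
        if len(targets) >= unique_hosts and src not in alerted:
            alerted.add(src)
            alerts.append((ts, src, sorted(targets)))
    return alerts

# Constructed sample traffic using documentation address ranges.
SAMPLE_PACKETS = (
    # One source sends a SYN to six different hosts, one second apart.
    [(float(i), "192.0.2.50", f"198.51.100.{i + 1}", 80, SYN) for i in range(6)]
    # A busy client opens many connections to a single server: not a sweep.
    + [(0.5 + i, "192.0.2.10", "198.51.100.20", 443, SYN) for i in range(8)]
    # A server answers six clients with SYN-ACK: not connection attempts.
    + [(0.7 + i, "198.51.100.20", f"192.0.2.{i + 10}", 50000 + i, SYN | ACK) for i in range(6)]
    # Five hosts contacted 30 seconds apart: only a wider window correlates these.
    + [(100.0 + 30 * i, "192.0.2.77", f"198.51.100.{i + 30}", 22, SYN) for i in range(5)]
)

if __name__ == "__main__":
    for ts, src, targets in detect_syn_host_sweeps(SAMPLE_PACKETS):
        print(f"t={ts:.1f}s possible TCP SYN host sweep from {src}: {len(targets)} hosts {targets}")
```

The window and host count are the tuning knobs: widening the window catches slower sweeps at the cost of more alerts on busy legitimate clients.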