Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Security Activity Bulletin

Port Sweep Activity

 
Threat Type:IntelliShield: Security Activity Bulletin
IntelliShield ID:123
Version:1
First Published:2000 May 01 16:00 GMT
Last Published:2000 May 01 16:00 GMT
Port: Not available
Urgency:Unlikely Use
Credibility:Confirmed
Severity:Harassment
Related Resources:
View related IPS Signature
 
 
Version Summary:

Port sweeps allow attackers to gather information that could be used to discover exploitable vulnerabilities.

 

Description
 

Attackers often look for vulnerable services using port sweep programs that connect to several ports.  Many network service daemons respond to a connection with a text banner describing their program name and version number.  Attackers can use these responses to identify services that may have vulnerabilities.

The existence of a "listener" on a port can also be useful information that an intruder can use to plan future attacks.


Signatures
 
Cisco Intrusion Prevention System (IPS) 5.1
Signature IDSignature NameReleaseLatest Release Date
3001/0TCP Port SweepS22001 Feb 02 
3005/0TCP FIN Port SweepS22001 Feb 02 
3006/0TCP Frag FIN Port SweepS22001 Feb 02 
3011/0TCP FIN High Port SweepS22001 Feb 02 
3012/0TCP Frag FIN High Port SweepS22001 Feb 02 
3015/0TCP Null Port SweepS22001 Feb 02 
3016/0TCP Frag Null Port SweepS22001 Feb 02 
3020/0TCP SYN FIN Port SweepS22001 Feb 02 
3021/0TCP Frag SYN FIN Port SweepS22001 Feb 02 
3038/0Fragmented NULL TCP PacketS22001 Feb 02 
3039/0Fragmented Orphaned FIN packetS22001 Feb 02 
3040/0TCP NULL PacketS22001 Feb 02 
3041/0TCP SYN/FIN PacketS22001 Feb 02 
3042/0Orphaned Fin PacketS22001 Feb 02 
3043/0Fragmented SYN/FIN PacketS22001 Feb 02 
5724/0Nikto ScanS2562006 Oct 30 
Cisco Intrusion Prevention System (IPS) 6.0
Signature IDSignature NameReleaseLatest Release Date
3001/0TCP Port SweepS22001 Feb 02 
3002/0TCP SYN Port SweepS6302012 Mar 07 
3003/0TCP Frag SYN Port SweepS3882009 Mar 26 
3005/0TCP FIN Port SweepS22001 Feb 02 
3006/0TCP Frag FIN Port SweepS22001 Feb 02 
3010/0TCP High Port SweepS5732011 Jun 13 
3011/0TCP FIN High Port SweepS22001 Feb 02 
3012/0TCP Frag FIN High Port SweepS22001 Feb 02 
3015/0TCP Null Port SweepS22001 Feb 02 
3016/0TCP Frag Null Port SweepS22001 Feb 02 
3020/0TCP SYN FIN Port SweepS22001 Feb 02 
3021/0TCP Frag SYN FIN Port SweepS22001 Feb 02 
3031/0TCP FRAG SYN Host SweepS6532012 Jun 25 
3032/0TCP FIN Host SweepS6532012 Jun 25 
3033/0TCP FRAG FIN Host SweepS6532012 Jun 25 
3034/0TCP NULL Host SweepS6532012 Jun 25 
3035/0TCP FRAG NULL Host SweepS6532012 Jun 25 
3036/0TCP SYN FIN Host SweepS6532012 Jun 25 
3037/0TCP FRAG SYN FIN Host SweepS6532012 Jun 25 
3038/0Fragmented NULL TCP PacketS22001 Feb 02 
3039/0Fragmented Orphaned FIN packetS22001 Feb 02 
3040/0TCP NULL PacketS22001 Feb 02 
3041/0TCP SYN/FIN PacketS22001 Feb 02 
3042/0Orphaned Fin PacketS22001 Feb 02 
3043/0Fragmented SYN/FIN PacketS22001 Feb 02 
4001/0UDP Port SweepS5732011 Jun 13 
4003/0Nmap UDP Port SweepS4232009 Aug 06 
5724/0Nikto ScanS2562006 Oct 30 
 
Alert History
 

This is a Security Activity Bulletin.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
IntelliShieldSecurity Activity Bulletin Original Release Base

Associated Products:
N/A




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield