Solved

Primer on intrusion events that could cause syslog severity emergency, alert and critical

Posted on 2007-07-20
Medium Priority
447 Views
Last Modified: 2013-11-29
I am looking for a reference / explanation of the types of events that will trigger syslog messages of severity emergency, alert and critical.  We are using Kiwi's syslog daemon and a Cisco PIX firewall.  We normally get a few critical alerts every day.  I am looking for an explanation of the types of exploits, hack attacks, etc... that will trigger this type of message.  Anyone know of a good primer on the subject?
Question by: joddo-jt
2 Comments
 
LVL 79

Accepted Solution

by: lrmoore, earned 500 total points
ID: 19539084
I would recommend getting a syslog analyzer like Sawmill and let it tell you what you are seeing.
http://www.sawmill.net/

What you would be looking for are IDS messages. ICMP ping sweeps of the outside IP, port scans look like connection attempts from the same source IP, but different destination ports, usually sequential. Some stealth scans rotate the source IP so are harder to detect.
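As an added example (not part of lrmoore's answer, and not Sawmill or Kiwi code), here is detection logic over constructed PIX-style syslog lines that does by hand what the answer describes: it reads the severity number out of the %PIX-<severity>-<id> header, tallies lines per severity, and groups denied inbound TCP connections (message 106001, which the PIX logs at severity 2, critical) by source IP so that a source hitting many distinct destination ports stands out, noting whether those ports run sequentially. The sample lines, host name, addresses and the min_ports/max_gap thresholds are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# PIX syslog header: %PIX-<severity 0-7>-<six-digit message id>: <message text>
HEADER = re.compile(r"%PIX-(?P<sev>[0-7])-(?P<id>\d{6}):\s*(?P<text>.*)")

# Body of message 106001 (inbound TCP connection denied), logged at severity 2.
DENY_TCP = re.compile(
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) flags (?P<flags>\S+) "
    r"on interface (?P<iface>\S+)"
)

SEVERITY_NAMES = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
                  4: "warning", 5: "notification", 6: "informational",
                  7: "debugging"}


def parse_line(line):
    """Return a dict with severity/id/text for any PIX line, plus the
    src/dst/dport/flags fields when the body is a 106001 deny; None if
    the line carries no PIX header."""
    m = HEADER.search(line)
    if not m:
        return None
    rec = {"severity": int(m.group("sev")), "id": m.group("id"),
           "text": m.group("text")}
    d = DENY_TCP.search(rec["text"])
    if d:
        rec.update(src=d.group("src"), dst=d.group("dst"),
                   dport=int(d.group("dport")), flags=d.group("flags"))
    return rec


def count_by_severity(lines):
    """Tally lines per severity name: the first cut at 'what are we seeing'."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[SEVERITY_NAMES[rec["severity"]]] += 1
    return dict(counts)


def find_port_scans(lines, min_ports=5, max_gap=1):
    """Group denied inbound TCP attempts by source IP.  A source that hit at
    least min_ports distinct destination ports is reported as a scan, and
    'sequential' is True when every neighbouring pair of sorted ports is at
    most max_gap apart (the SYN-to-21,22,23,... pattern).  The thresholds are
    assumptions for illustration, not PIX or Kiwi settings."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec.get("dport") is not None:
            ports_by_src[rec["src"]].add(rec["dport"])
    scans = {}
    for src, ports in ports_by_src.items():
        if len(ports) >= min_ports:
            ordered = sorted(ports)
            sequential = all(b - a <= max_gap
                             for a, b in zip(ordered, ordered[1:]))
            scans[src] = {"ports": ordered, "sequential": sequential}
    return scans


def _deny(src, sport, dport):
    # Constructed sample line in the 106001 format with a Kiwi-style
    # timestamp/host prefix; addresses are from documentation ranges.
    return ("Jul 20 2007 08:15:01 fw01 %PIX-2-106001: Inbound TCP connection "
            f"denied from {src}/{sport} to 198.51.100.2/{dport} flags SYN "
            "on interface outside")


# Constructed sample log: one sequential scanner, one scattered scanner, one
# source that only touched two ports, and one informational (severity 6) line.
SAMPLE = (
    [_deny("203.0.113.7", 40000 + i, p) for i, p in enumerate([21, 22, 23, 24, 25])]
    + [_deny("192.0.2.200", 51000 + i, p) for i, p in enumerate([135, 139, 445, 1433, 3389])]
    + [_deny("192.0.2.9", 3301, 80), _deny("192.0.2.9", 3302, 443)]
    + ["Jul 20 2007 08:15:02 fw01 %PIX-6-302013: Built outbound TCP connection 1234 "
       "for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1025 (198.51.100.2/1025)"]
)

if __name__ == "__main__":
    print(count_by_severity(SAMPLE))
    for src, info in find_port_scans(SAMPLE).items():
        kind = "sequential" if info["sequential"] else "scattered"
        print(f"{src}: {kind} scan of ports {info['ports']}")
```

Grouping by source is exactly what the rotating-source stealth scans mentioned in the answer defeat; for those you would instead group by destination and look at how many distinct source addresses touch a spread of ports inside a short time window, which is the kind of correlation an analyzer like Sawmill does for you.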
LVL 32

Assisted Solution

by: rsivanandan, earned 500 total points
ID: 19541808
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm

The above should explain to you the different types of intrusion alerts that a PIX would trigger.

Cheers,
Rajesh