Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Question about "IDS, DNS Attacks graph"

Status
Not open for further replies.
zacca

zacca

Technical User
Dec 25, 2003
333
HK
Hi there,

From my PIX506 PDM, I plotted a graph "IDS, DNS Attacks", in which I got a blue line keep on raising up to 6K packets. From the legend blue line is "All Records".

I got a DNS server behind PIX which allow for public access, is this blue line a normal one? Or it really told me that my DNS server was being attack? If it was really being attack, how can I retrieve more info from PIX?

Thanks so much for your help!
 
Sort by date Sort by votes
Have you configured your firewall to report to a syslog server (i.e. Kiwi syslog)? If yes, parse those syslog servers and see the details about the IDS events. Use a log anlayzer (wink, wink) to look for the details that you are interested in.

Adrian Grigorof
FireGen for Pix Log Analyzer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DROFNUD
  • Locked
  • Helpful tip
Smartcenter Dashboard - Searching for "Any" keyword
Replies
0
Views
54
DROFNUD
DROFNUD
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
297
intel233
intel233
RodneyMcSnow
  • Locked
  • Question
TZ400 -how to prevent dns attacks
Replies
2
Views
90
RodneyMcSnow
RodneyMcSnow
mackland1903
  • Locked
  • Question
Populate oblect group from DNS
Replies
1
Views
64
burtsbees
burtsbees
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
100
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top