As we know the RECONNAISSANCE attack -> is about finding and discovery about the device or devices of the network.
Seeing that I believed Cppr is the way to protect by disabling ports and controlling things on non-listening ports or closed ports etc...which has got class matches like port-filter ! But when i was browsing the doc cd, and chose 12.4T and moved inside and selected CONTORL PLANE services , i found that by search Ctrl+F, the Reconnaissance attack is mentioned in the CPP (Control Plane Policing) !!! well, policing can only control the rate at which ping/icmp sweep, udp sweep, or tcp sweep is performed. How can it stop it ? Would it be right to say that RECONNAISSANCE Attack is controlled and resolved by : 1> CPP 2> CPPr 3> Both 1 and 2 Note: i think THREAT DETECTION which is avaialble in all versions of ASA 8.X is also a method to manage RECONNISSANCE ATTACK ???? Experts, i need opinions on this please. Kamran!
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
