https://community.cisco.com/t5/network-security/scanning-attacks/m-p/2710061#M191861 <P>Hi,</P><P>Scanning attack detected (This option monitors scanning attacks; for example, the first TCP packet is not a SYN packet, or the TCP connection failed the 3-way handshake. Full scanning threat detection&nbsp; takes this scanning attack rate information and acts on it by classifying hosts as attackers and automatically shunning them, for example. Incomplete session detection such as TCP SYN attack detected or no data UDP session attack detected.</P><P>So with Threat Detection enabled , you would see these stats increase for any drops which doesn't complete 3 Way Handshake.</P><P>Refer:-</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/protect_threat.html</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/protect.html#wp1072953</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Thu, 07 May 2015 14:16:09 GMT Vibhor Amrodia 2015-05-07T14:16:09Z https://community.cisco.com/t5/network-security/scanning-attacks/m-p/2710060#M191860 <P>I really know very little about firewalls, but noticed on the Firewall Dashboard we are seeing constant possible scanning attacks. &nbsp;Is this normal? &nbsp;If not what should I do about it?</P> Tue, 12 Mar 2019 05:53:49 GMT https://community.cisco.com/t5/network-security/scanning-attacks/m-p/2710060#M191860 KSEyebank1 2019-03-12T05:53:49Z https://community.cisco.com/t5/network-security/scanning-attacks/m-p/2710061#M191861 <P>Hi,</P><P>Scanning attack detected (This option monitors scanning attacks; for example, the first TCP packet is not a SYN packet, or the TCP connection failed the 3-way handshake. Full scanning threat detection&nbsp; takes this scanning attack rate information and acts on it by classifying hosts as attackers and automatically shunning them, for example. Incomplete session detection such as TCP SYN attack detected or no data UDP session attack detected.</P><P>So with Threat Detection enabled , you would see these stats increase for any drops which doesn't complete 3 Way Handshake.</P><P>Refer:-</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/protect_threat.html</P><P>http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/protect.html#wp1072953</P><P>Thanks and Regards,</P><P>Vibhor Amrodia</P> Thu, 07 May 2015 14:16:09 GMT https://community.cisco.com/t5/network-security/scanning-attacks/m-p/2710061#M191861 Vibhor Amrodia 2015-05-07T14:16:09Z