https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145951#M359761 <HTML><HEAD></HEAD><BODY><P>Thank you jocamare,do you rocammend a TD configuration that can detect a scanning attack?</P></BODY></HTML> Fri, 05 Apr 2013 09:43:12 GMT noir_oscar 2013-04-05T09:43:12Z https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145949#M359759 <P>Please help me,I am testing the Cisco ASA by nmap but cisco asa doesn't shun my ip.</P><P>I have configured the threat detection as following:</P><P>threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400</P><P>threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320</P><P>threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400</P><P>threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320</P><P>threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800</P><P>threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640</P><P>threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400</P><P>threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320</P><P>threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400</P><P>threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320</P><P>no threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10</P><P>threat-detection rate scanning-threat rate-interval 600 average-rate 3 burst-rate 6</P><P>threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8</P><P>no threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200</P><P>threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45</P><P>threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160</P><P>threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600</P><P>threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280</P><P>threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600</P><P>threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280</P><P>threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000</P><P>threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400</P><P>threat-detection basic-threat</P> Tue, 12 Mar 2019 01:17:17 GMT https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145949#M359759 noir_oscar 2019-03-12T01:17:17Z https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145950#M359760 <HTML><HEAD></HEAD><BODY><P>The TD feature works with traffic going through the box, not to it.</P><P></P><P>In case you are trying to scan a host across the ASA, make sure you can see the 733101 logs and also that the attacker appears in the "<STRONG>show threat scanning</STRONG>" output.</P></BODY></HTML> Tue, 26 Mar 2013 14:14:11 GMT https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145950#M359760 jocamare 2013-03-26T14:14:11Z https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145951#M359761 <HTML><HEAD></HEAD><BODY><P>Thank you jocamare,do you rocammend a TD configuration that can detect a scanning attack?</P></BODY></HTML> Fri, 05 Apr 2013 09:43:12 GMT https://community.cisco.com/t5/network-security/threat-detection-problem/m-p/2145951#M359761 noir_oscar 2013-04-05T09:43:12Z