https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588161#M564606 <HTML><HEAD></HEAD><BODY><P>with the command "sh threat-detection shun" you can tell if they are being shunned. A syslog message would be generated in that case.</P><P></P><P>If that happens again should be able to check the result of the command and the logs.</P></BODY></HTML> Wed, 02 Mar 2011 16:23:01 GMT PAUL GILBERT ARIAS 2011-03-02T16:23:01Z https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588160#M564602 <P>Hi,</P><P></P><P>A client suffered an outage with their isp today with a ASA5505 running 8.4(1).The connection bounced for about an hour or so.</P><P></P><P>It would appear a side effect of the outage is the ASA shunned two inside servers. The configuration was set to detect scanning threats and shun them, but it did not specify to exclude this network which is not directly connected but is on the inside.</P><P></P><P>I'm curious if the outage actually caused this but don't understand any conditions in which these servers would be scanning the ASA.</P><P></P><P>Can anyone shed some light on this? Thanks.</P> Mon, 11 Mar 2019 19:59:49 GMT https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588160#M564602 lcaruso 2019-03-11T19:59:49Z https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588161#M564606 <HTML><HEAD></HEAD><BODY><P>with the command "sh threat-detection shun" you can tell if they are being shunned. A syslog message would be generated in that case.</P><P></P><P>If that happens again should be able to check the result of the command and the logs.</P></BODY></HTML> Wed, 02 Mar 2011 16:23:01 GMT https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588161#M564606 PAUL GILBERT ARIAS 2011-03-02T16:23:01Z https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588162#M564610 <HTML><HEAD></HEAD><BODY><P>I did a sh shun and it listed them.</P><P></P><P>We do save the logs on this ASA so it will be a matter of going through them, but I'm still curious what others have to say.</P></BODY></HTML> Wed, 02 Mar 2011 16:30:49 GMT https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588162#M564610 lcaruso 2011-03-02T16:30:49Z https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588163#M564613 <HTML><HEAD></HEAD><BODY><P>opened a tac case earlier in the day. I'll let you know if they come up with anything worth posting.</P></BODY></HTML> Wed, 02 Mar 2011 22:43:01 GMT https://community.cisco.com/t5/network-security/inside-servers-shunned/m-p/1588163#M564613 lcaruso 2011-03-02T22:43:01Z