https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045028#M79182 <HTML><HEAD></HEAD><BODY><P>Blocks are different than Denies.</P><P></P><P>Blocks are for the modification of configuration on Switches, Routers, or Firewalls to get the other device to drop the traffic.</P><P></P><P>Denies are when the sensor itself drops the packets. The sensor must be operated in InLine mode for Denies to work.</P><P></P><P>To configure the max number of Denied Attackers you follow a similar procedure as rhermes posted, but it is controlled in the service event-action-rules rules0 configuration.</P><P></P><P>conf t</P><P>service event-action-rules rules0</P><P>general</P><P>max-denied-attackers 10000</P><P></P><P>The default I believe is 10,000, but can be configured to be much higher or lower. Increasing this number could have a performance affect on your sensor, so be carefull when increasing this above 10,000.</P><P></P><P></P><P></P><P></P></BODY></HTML> Fri, 08 Aug 2008 16:54:42 GMT marcabal 2008-08-08T16:54:42Z https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045026#M79180 <P>Does anyone know where I can find out the maximum number of denied attackers the ASA-SSM-10 running 6.1(1)E2 can handle? I see where you can set a timeout and total number for the denied hosts and denied network blocks but I haven't been able to find anything for the max number of denied attackers. </P><P></P><P>I'm am using this for a signature that is sometimes popular on our network and I'm concerned about impacting the performance of my IPS. </P><P></P><P>Thanks.</P> Sun, 10 Mar 2019 11:14:30 GMT https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045026#M79180 David Inabinet 2019-03-10T11:14:30Z https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045027#M79181 <HTML><HEAD></HEAD><BODY><P>The default number of blocked hosts is 250. You can see this with a "sh stat net" command. This can be configured from</P><P>conf t</P><P>service net</P><P>general</P><P>block-max-entries</P><P></P></BODY></HTML> Fri, 08 Aug 2008 14:22:21 GMT https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045027#M79181 rhermes 2008-08-08T14:22:21Z https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045028#M79182 <HTML><HEAD></HEAD><BODY><P>Blocks are different than Denies.</P><P></P><P>Blocks are for the modification of configuration on Switches, Routers, or Firewalls to get the other device to drop the traffic.</P><P></P><P>Denies are when the sensor itself drops the packets. The sensor must be operated in InLine mode for Denies to work.</P><P></P><P>To configure the max number of Denied Attackers you follow a similar procedure as rhermes posted, but it is controlled in the service event-action-rules rules0 configuration.</P><P></P><P>conf t</P><P>service event-action-rules rules0</P><P>general</P><P>max-denied-attackers 10000</P><P></P><P>The default I believe is 10,000, but can be configured to be much higher or lower. Increasing this number could have a performance affect on your sensor, so be carefull when increasing this above 10,000.</P><P></P><P></P><P></P><P></P></BODY></HTML> Fri, 08 Aug 2008 16:54:42 GMT https://community.cisco.com/t5/network-security/denied-attackers-maximum/m-p/1045028#M79182 marcabal 2008-08-08T16:54:42Z