Denied Attackers - Maximum?

David Inabinet
Level 1

Does anyone know where I can find out the maximum number of denied attackers the ASA-SSM-10 running 6.1(1)E2 can handle? I see where you can set a timeout and total number for the denied hosts and denied network blocks but I haven't been able to find anything for the max number of denied attackers.

I am using this for a signature that is sometimes popular on our network and I'm concerned about impacting the performance of my IPS.

Thanks.

2 Replies

rhermes
Level 7

The default number of blocked hosts is 250. You can see this with a "sh stat net" command. This can be configured from:

conf t
service net
general
block-max-entries

Blocks are different from Denies.

Blocks are for the modification of configuration on Switches, Routers, or Firewalls to get the other device to drop the traffic.

Denies are when the sensor itself drops the packets. The sensor must be operated in InLine mode for Denies to work.

To configure the max number of Denied Attackers you follow a similar procedure as rhermes posted, but it is controlled in the service event-action-rules rules0 configuration:

conf t
service event-action-rules rules0
general
max-denied-attackers 10000

The default I believe is 10,000, but can be configured to be much higher or lower. Increasing this number could have a performance effect on your sensor, so be careful when increasing this above 10,000.
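The reply above leaves the practical question open: before raising max-denied-attackers, how many entries would the denied-attacker table actually hold at once for the signature in question? The following Python script is an added example, not Cisco code and not part of this thread. It replays a list of deny events (constructed here; a real check would feed it the sensor's event log) against a chosen deny timeout and a chosen max-denied-attackers value, and reports the peak number of simultaneous entries and the first moment the cap would be exceeded. It assumes that a repeat hit from an attacker already in the table refreshes that entry's timeout; the IP addresses, timestamps and the cap of 25 used in the demonstration are made up.

```python
"""Capacity check for an IPS denied-attacker table (added example, not Cisco code)."""
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed deny events, not sensor output: one new source per minute for an
    hour, plus one repeat hit from the first source at minute 20 so the
    refresh-on-hit assumption is visible. Addresses are from the 198.51.100.0/24
    documentation range."""
    base = datetime(2009, 3, 1, 10, 0, 0)
    events = []
    for minute in range(60):
        ts = base + timedelta(minutes=minute)
        events.append((ts.isoformat(), f"198.51.100.{minute}"))
    events.append(((base + timedelta(minutes=20)).isoformat(), "198.51.100.0"))
    return events


def peak_denied_attackers(events, timeout_seconds, max_denied_attackers):
    """Replay (iso_timestamp, attacker_ip) deny events in time order and track how
    many attacker entries would be live at once.

    Assumption: an entry lives for timeout_seconds after the attacker's most recent
    deny, i.e. a repeat hit refreshes the timeout. Returns the peak occupancy, when
    it occurred, and the first time occupancy exceeded max_denied_attackers (None if
    the cap was never exceeded)."""
    expiry = {}  # attacker_ip -> datetime at which its entry times out
    peak, peak_time, first_overflow = 0, None, None
    for ts_str, ip in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        # Age out entries whose timeout has passed before counting this event.
        for attacker in [a for a, t in expiry.items() if t <= ts]:
            del expiry[attacker]
        expiry[ip] = ts + timedelta(seconds=timeout_seconds)
        occupancy = len(expiry)
        if occupancy > peak:
            peak, peak_time = occupancy, ts.isoformat()
        if first_overflow is None and occupancy > max_denied_attackers:
            first_overflow = ts.isoformat()
    return {"peak": peak, "peak_time": peak_time, "first_overflow": first_overflow}


if __name__ == "__main__":
    events = build_sample_events()
    # 30-minute deny timeout; compare a deliberately small cap with the 10,000 default.
    for cap in (25, 10000):
        result = peak_denied_attackers(events, timeout_seconds=1800, max_denied_attackers=cap)
        print(f"cap={cap}: peak {result['peak']} entries at {result['peak_time']}, "
              f"first overflow: {result['first_overflow']}")
```

With the constructed input the table peaks at 31 entries half an hour in (the refreshed first attacker keeps one extra entry alive), so a cap of 25 is exceeded at minute 25 while the 10,000 default is never approached. Feeding the function real deny events for the busy signature gives the number to compare against max-denied-attackers before deciding whether to raise it.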
