ASA 5505 Firewall issues

dandare2020
Level 1

Morning all

First of all I would like to say hi to all

The problem I have is that I have an ASA 5505 firewall on my server, but it's not stopping or even attempting to stop what I believe are DDoS attacks. I'm getting close to 100 connections a second and over 2000 connected, which kills the server. I've tried blocking IPs, and I've set up the NATs to only allow 25 embryonic connections. I have threat detection on, but I just feel like I'm missing something really simple to solve this problem. Any guidance would be much appreciated.

Many thanks

Dan

Sent from Cisco Technical Support iPhone App

3 Replies

varrao
Level 10

Hi Danny,

You can use the shun command to block those packets; they would not be processed by the ASA at all and would be dropped. The command is:

shun

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
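Dan's follow-up is that shunning by hand does not scale to "100 or so different IPs", and the original post describes the symptom as a connection rate rather than any single address. The script below is an added example for this thread, not Cisco's code or anything posted above: it reads ASA syslog message 302013 ("Built inbound TCP connection"), counts connection builds per source and per second, and prints `shun <ip>` lines for the sources that exceed a threshold, so the operator reviews one ranked list instead of reading the log. The log lines are constructed for the example; the thresholds, the allowlist and the function names are this example's own choices, and the output is meant to be reviewed before it is pasted into the ASA.

```python
"""Rank inbound TCP connection builders in ASA syslog and emit shun commands.

Added example for this thread (not Cisco's code). Assumes the ASA sends
message 302013 ("Built inbound TCP connection") to a syslog collector and
that an operator reviews the output before applying it on the ASA.
"""
import re
from collections import defaultdict
from datetime import datetime

# ASA message 302013 is a real message format; the group names are this example's.
BUILT_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ %ASA-6-302013: "
    r"Built inbound TCP connection \d+ for \w+:(?P<src>[\d.]+)/\d+ "
    r"\([\d.]+/\d+\) to \w+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([\d.]+/\d+\)$"
)

# Constructed sample log: one noisy source (203.0.113.5), one moderate source
# (203.0.113.7), one normal client, plus a 302014 teardown line the parser must skip.
SAMPLE_LOG = """\
Jan 10 08:00:00 asa %ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/51001 (203.0.113.5/51001) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:00 asa %ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.5/51002 (203.0.113.5/51002) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:00 asa %ASA-6-302013: Built inbound TCP connection 1003 for outside:203.0.113.7/40001 (203.0.113.7/40001) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:01 asa %ASA-6-302013: Built inbound TCP connection 1004 for outside:203.0.113.5/51003 (203.0.113.5/51003) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:01 asa %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/51001 to inside:10.0.0.2/80 duration 0:00:01 bytes 0 TCP FINs
Jan 10 08:00:01 asa %ASA-6-302013: Built inbound TCP connection 1005 for outside:203.0.113.5/51004 (203.0.113.5/51004) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:01 asa %ASA-6-302013: Built inbound TCP connection 1006 for outside:203.0.113.7/40002 (203.0.113.7/40002) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:02 asa %ASA-6-302013: Built inbound TCP connection 1007 for outside:203.0.113.5/51005 (203.0.113.5/51005) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:02 asa %ASA-6-302013: Built inbound TCP connection 1008 for outside:198.51.100.44/33000 (198.51.100.44/33000) to inside:10.0.0.2/80 (198.51.100.2/80)
Jan 10 08:00:02 asa %ASA-6-302013: Built inbound TCP connection 1009 for outside:203.0.113.5/51006 (203.0.113.5/51006) to inside:10.0.0.2/80 (198.51.100.2/80)
"""


def parse_builds(log_text):
    """Return [(timestamp, src, dst, dport)] for every 302013 line; other lines are skipped."""
    builds = []
    for line in log_text.splitlines():
        m = BUILT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            builds.append((ts, m["src"], m["dst"], int(m["dport"])))
    return builds


def builds_per_source(builds):
    """Total connection builds seen from each source address."""
    counts = defaultdict(int)
    for _, src, _, _ in builds:
        counts[src] += 1
    return dict(counts)


def peak_rate(builds, src):
    """Highest number of connections one source built within a single second."""
    per_second = defaultdict(int)
    for ts, s, _, _ in builds:
        if s == src:
            per_second[ts] += 1
    return max(per_second.values(), default=0)


def flag_sources(builds, max_builds, max_per_second):
    """Sources exceeding either threshold as (src, total, peak_per_second), busiest first."""
    flagged = []
    for src, total in builds_per_source(builds).items():
        rate = peak_rate(builds, src)
        if total > max_builds or rate > max_per_second:
            flagged.append((src, total, rate))
    flagged.sort(key=lambda t: (-t[1], t[0]))
    return flagged


def shun_commands(flagged, allowlist=()):
    """ASA 'shun <ip>' lines for each flagged source not on the operator's allowlist."""
    return [f"shun {src}" for src, _, _ in flagged if src not in allowlist]


if __name__ == "__main__":
    builds = parse_builds(SAMPLE_LOG)
    for src, total, rate in flag_sources(builds, max_builds=5, max_per_second=50):
        print(f"{src}: {total} builds, peak {rate}/s")
    # Allowlist the management host (constructed address) so it is never shunned.
    print("\n".join(shun_commands(flag_sources(builds, 5, 50), allowlist=("192.0.2.10",))))
```

On the sample log only 203.0.113.5 crosses the five-build threshold, so the script prints a single `shun 203.0.113.5`; lowering `max_builds` to 1 also lists 203.0.113.7. The allowlist matters because a shun applies to every packet from that address regardless of the access list, so an administrator's own source address belongs on it.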

dandare2020
Level 1

Hi, thanks for the reply. I've tried doing that, but there could be 100 or so different IPs. I have a firewall on the server, but that just gets overrun very quickly.

Cheers

Dan

Sent from Cisco Technical Support iPhone App

Hi Danny,

I would say a firewall is not the best device to mitigate such attacks; this should be done on the upstream device, because a firewall is only for processing the packets and allowing access. I would suggest, if these are coming in huge numbers, kindly opening a TAC case for it and trying to limit it. There are devices like IPS/IDS which can handle it better.

Thanks,

Varun

Thanks,
Varun Rao