Hi,
Recently I carried out a security audit, using hping3 to perform an ICMP flood attack:
> hping3 -1 --flood aaa.bbb.ccc.ddd
HPING aaa.bbb.ccc.ddd (eth0 aaa.bbb.ccc.ddd): icmp mode set, 28 headers + 0 data bytes
hping in flood mode, no replies will be shown
--- aaa.bbb.ccc.ddd hping statistic ---
293280 packets transmitted, 0 packets received, 100% packet loss
I can see the traffic passing through the ASA without any blocking or logging, and of course without any echo reply returned. The ICMP packets look like ordinary type 8, code 0 packets.
It caused an ASA CPU spike and a security issue.
Basic protection enabled on the ASA:
- ASA already has basic threat-detection enabled. Stopped scanning threat
- IPS audit enabled
Is there any way on the ASA to protect against this kind of attack?
Thanks for your advice.