ASA threat detection

Ahmad Khalifa
Level 3

Hi,

I have an ASA5510 and an ASA5515. I enabled threat detection, and also shunning of the host that causes a threat to the whole network.
I changed the rates for the firewalls to shun any host that is using Kali Linux and scanning tools such as nmap, Metasploit, etc.,
but the shun doesn't occur until I use these rates, and the firewalls also consider the whole networks as threats:


threat-detection rate dos-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate dos-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate bad-packet-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate acl-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate acl-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate conn-limit-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate icmp-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate icmp-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate scanning-threat rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate scanning-threat rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate syn-attack rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate syn-attack rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate fw-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate fw-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate inspect-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate inspect-drop rate-interval 3600 average-rate 1 burst-rate 0
threat-detection rate interface-drop rate-interval 600 average-rate 1 burst-rate 0
threat-detection rate interface-drop rate-interval 3600 average-rate 1 burst-rate 0

So what I need to know is: what are the best rates to shun only the host that is using Kali or whatever tools, and keep my network working fine without shunning the inside hosts or the hosts in the DMZ?

1 Reply

Vibhor Amrodia
Cisco Employee

Hi,

The easiest way would be to use the "Threat-Detection scanning-threat except" command to filter some IPs or networks from shunning on the ASA device.

Refer:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t1.html#pgfId-1563523

Thanks and Regards,

Vibhor Amrodia
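
The exemption suggested in the reply, written out as an ASA configuration sketch. This is an added example, not configuration from either poster; the object-group name and all subnets are constructed placeholders. In the command reference the `except` clause follows the `shun` keyword and takes either `ip-address` or `object-group`.

```text
! Constructed example: object-group name and subnets are placeholders.
! Networks that must never be shunned (inside and DMZ).
object-group network NO-SHUN
 network-object 10.10.0.0 255.255.0.0
 network-object 172.16.50.0 255.255.255.0
!
! Enable scanning threat detection with automatic shunning,
! but exempt the trusted group from the shun action.
threat-detection scanning-threat shun except object-group NO-SHUN
! A single subnet can be exempted without an object-group:
threat-detection scanning-threat shun except ip-address 192.168.100.0 255.255.255.0
! Keep shuns temporary so a false positive clears on its own (seconds).
threat-detection scanning-threat shun duration 3600
!
! Scanning-threat rates. The post reports that average-rate 1 / burst-rate 0
! flags whole networks; these are the documented defaults for this event
! type (confirm against your ASA release before applying).
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
!
! Verify: which hosts are classified as attackers, and which are shunned now.
show threat-detection scanning-threat attacker
show threat-detection shun
! Release hosts that were shunned while the aggressive rates were active.
clear threat-detection shun
```

Exempted networks are still tracked as scanning attackers or targets in the statistics; only the automatic shun is skipped for them.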
