Blocking/Shunning Hosts with Service Policy Rules

victorr001
Level 1

I have an ASA 5510 deployed and we are getting a tonne of port scanning traffic (who isn't these days) and ping traffic.

The threat scanning thresholds seem a bit too high and was wondering if there is a way to use a Service Policy Rule to perform a Shun/Block of the hosts rather than the firewall simply blocking the request via the ACL and sending a reply.

In other words, if I do nothing, I know the ACL is protecting the resources but it is still replying to the client connection. I want the end result to be the same as a "Shun" where the connection is dropped and no reply is sent.

Does anyone have an example of how to employ Service Policy Rules to thwart Port Scanning and/or IP Spoofing?            

2 Replies

Peter Koltl
Level 7
The service resetoutside command sets the ASA to send a TCP RST to denied traffic, but it is disabled by default. That is, denied incoming packets are dropped silently by default.

Thanks for the tip Peter.

I was really hoping to find a solution using the service policy if possible so that I could tune the parameters on packets per second, source ip, etc and be more specific about how to block these attacks.

The end result would be to reset the connection, but, the logic around whether it should be reset or not is what I am interested in.
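The thread asks for a service-policy-based way to shun scanners and spoofed sources, and the reply notes that denied packets are already dropped silently unless service resetoutside is on. Below is an added ASA configuration example, not posted by anyone in this thread, that shows the two pieces that together give the behaviour asked for: scanning-threat detection (which is what actually shuns a source, with tunable rate thresholds) and a Modular Policy Framework service policy (which can only limit or drop connections per client, not shun). The interface name outside, the server subnet 192.0.2.0/24, the exempt management host 198.51.100.5 and all thresholds are assumed placeholder values.

```cisco
! Added example, not from this thread. "outside", 192.0.2.0/24 and
! 198.51.100.5 are assumed placeholder values.

! 1. Anti-spoofing: drop packets whose source address would not be
!    routed back out the interface they arrived on (unicast RPF).
ip verify reverse-path interface outside

! 2. Silently drop pings addressed to the outside interface itself.
!    ICMP passing through the box to inside hosts is still governed
!    by the interface ACL.
icmp deny any outside

! 3. Scanning-threat detection: this is the feature that shuns.
!    The rate commands lower the default thresholds (5 drops/s average,
!    10 burst over 600 s) so a slower scanner still trips them, and the
!    shun keyword blocks the source for an hour instead of only logging.
threat-detection basic-threat
threat-detection statistics host
threat-detection rate scanning-threat rate-interval 600 average-rate 2 burst-rate 4
threat-detection rate scanning-threat rate-interval 3600 average-rate 1 burst-rate 2
threat-detection scanning-threat shun except ip-address 198.51.100.5 255.255.255.255
threat-detection scanning-threat shun duration 3600

! 4. Service policy on the outside interface: cap how many total and
!    half-open connections one source may hold toward the servers, and
!    age out half-open connections faster. This limits; it does not shun.
access-list SERVERS_IN extended permit tcp any 192.0.2.0 255.255.255.0
class-map SERVER_TRAFFIC
 match access-list SERVERS_IN
policy-map OUTSIDE_POLICY
 class SERVER_TRAFFIC
  set connection per-client-max 50 per-client-embryonic-max 10
  set connection timeout embryonic 0:00:20
service-policy OUTSIDE_POLICY interface outside

! 5. Verification: which sources are currently shunned and why.
show threat-detection shun
show threat-detection statistics host
show shun
```

The "threat-detection statistics host" line is what makes the per-host counters in "show threat-detection statistics host" available; it costs memory and CPU on a 5510, so enable it while tuning the rates and consider removing it afterwards. The "except" clause keeps a known management host from being shunned if it trips the thresholds during legitimate vulnerability scans.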
