07-19-2011 02:00 PM - edited 03-11-2019 02:00 PM
How to see the ip address of the attack host?
Show the logging
Jul 19 09:43:15 10.239.67.1 Jul 19 2011 09:43:11: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 1 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3113
Jul 19 09:43:15 10.239.67.1 Jul 19 2011 09:43:15: %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 21589
Jul 19 09:43:15 10.239.67.1 Jul 19 2011 09:43:11: %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 1 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3113
Jul 19 09:43:15 10.239.67.1 Jul 19 2011 09:43:15: %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 21589
Regards
07-27-2011 03:20 AM
Hi Emilio,
This can be fixed by using threat detection feature on ASA. Here's a link for your help:-
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml#sol6
Note: If you do not want the drop rate exceed warning to appear, you can disable it by running the
no threat-detection basic-threat command.
Hope this helps,
Sian
07-27-2011 07:57 AM
Hi Parminder
How can I shun a host or a network? My ASA is under scanning attack now. Thanks.
07-27-2011 08:14 AM
Just use the shun command
ciscoasa# shun ?
Hostname or A.B.C.D Specify source IP address of a mischievous host
07-27-2011 08:29 AM
Hi lcaruso
I use the shun command shun x.x.x.x x.x.x.x source port (need to specify a range of ports or shun all source ports) 80 0.
How can I shun all or a range of ports of the source port? Source ports are showing dynamically on ASA screen. Thanks.
08-10-2011 02:04 PM
Hi Peter,
I am not sure i dunderstand your requirement well enough to be answering this. Are you looking at shunning a range of ports for a particular IP address on the ASA?
Regards,
Prapanch
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide