
Deny IP Spoof from (255.255.255.255) and [Scanning] drop rate.

Incognito1971
Level 1

I am replacing an outdated ISA server with a pair of ASA 5515s in active/standby. Our ISP lit up another fiber connection to us and gave us a new set of public IPs to facilitate this conversion. I have been watching tutorials, reading forums, and googling for the last month trying to prepare for this. Currently, I have set up access rules for one web server and a prototype direct access server. I can access the web server over HTTP and HTTPS without any problems by going to the non-published new public IP.

While looking at the real time logs when accessing the website, I noticed a lot of "Deny IP spoof from (255.255.255.255) to 0.0.0.0 on interface Outside" and "[Scanning] drop rate-1or2 exceeded. Current burst rate is 2 per second...".

Are these things that I should be worried about?

Thank you for any information.

T

2 Replies

Incognito1971
Level 1
: Saved
:
ASA Version 9.1(2) 
!
hostname WSCC-ASA1
domain-name Westshore.edu
enable password QODQ9PdmvR8vu92s encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface GigabitEthernet0/0
 nameif Inside
 security-level 100
 ip address 192.168.7.165 255.255.248.0 
!
interface GigabitEthernet0/1
 description Wireless
 nameif Wireless
 security-level 75
 ip address 10.59.0.1 255.255.0.0 
!
interface GigabitEthernet0/2
 description Perimeter
 nameif DMZ
 security-level 50
 ip address 172.28.0.1 255.255.255.224 
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 nameif Outside
 security-level 0
 ip address 38.65.225.1 255.255.252.0 
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.10.1 255.255.255.0 
!
boot system disk0:/asa912-smp-k8.bin
boot system disk0:/asa901-smp-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name Westshore.edu
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ_GENERIC_ALL
 subnet 0.0.0.0 0.0.0.0
object network WWW_webserver
 host 192.168.0.68
 description Cascade
object network Direct_Access
 host 192.168.7.162
 description WSCC-S-004014
object-group network PAT-SOURCE
 description PAT Source Networks
 network-object 192.168.0.0 255.255.248.0
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
access-list OUTSIDE-IN remark WSCC-S-003056
access-list OUTSIDE-IN extended permit tcp any object WWW_webserver object-group DM_INLINE_TCP_1 
access-list OUTSIDE-IN remark WSCC-S-004014
access-list OUTSIDE-IN extended permit ip any object Direct_Access 
pager lines 24
logging enable
logging asdm informational
mtu Inside 1500
mtu Wireless 1500
mtu DMZ 1500
mtu Outside 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Outside
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (Inside,Outside) source dynamic OBJ_GENERIC_ALL interface
!
object network WWW_webserver
 nat (Inside,Outside) static 38.65.225.60
object network Direct_Access
 nat (any,any) static 38.65.225.10
access-group OUTSIDE-IN in interface Outside
route Outside 0.0.0.0 0.0.0.0 38.65.224.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.10.0 255.255.255.0 management
http 192.168.2.152 255.255.255.252 Inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy