Detect DDOS attack?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2013 01:31 PM - edited 03-11-2019 07:29 PM
Hello guys,
I have an ASA 5550 for 3 years, it's been working great. I was wondering how do I detect if I'm under DDOS/SYN attack from my ASA (ASDM or CLI)? How to mitigate the attack? Thanks.
- Labels:
-
NGFW Firewalls

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2013 01:48 AM
ASA has basic threat detection features (ASDM -> Config -> Firewall -> Threat Detection) where you can configure it (SYN attacks). DDOS is not very specific because there are many variants of it, currently most of it are DNS attacks
Michael
Please rate all helpful posts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2013 07:37 AM
I have those enabled now. I've heard a lot about DNS attacks but what exactly ASA can do to migitate it? if not what can I do/buy (I've heard of IPS module for ASA) to migitate it if it happens? Thanks and have a good Friday!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2013 08:18 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-23-2013 03:42 PM
There are a lot of companies that specialize in Netflow products speficially tailored towards DDOS detection.
