cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

290
Views
0
Helpful
0
Replies
Highlighted
Cisco Employee

how to tune the dos drop rate?

medium 06/06/2017 16:13:28 cdx01id01 UDP Source Port 0 24199/1 x.x.x.x x.x.x.x 4500 85 85
medium 06/06/2017 16:15:32 cdx01id01 UDP Source Port 0 24199/1 0.0.0.0 x.x.x.x 0 85 85

threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320

ASA log do not have rate about the source and destination ip pair for the keyword rate

however, it is defined as medium risk in Cisco IME

1. how to identify whether it is dos attack in ASA or IPS when client see many TCP sessions?

2. is it the dos rate low and not enough to trigger the dos drop?

3. how to find the rate of this low dos attack in log and tune the dos drop rate?