Prevent Network attacks from ASA

Hi, 

I would like to know how we can protect our infrastructure from various types of network attacks using the Cisco ASA firewall.

Following are the common attacks we need to protect against with the ASA firewall.

1. man in the middle attack

2. DOS & DDOS attack

3. IP Spoofing and all types of spoofing attacks

4. Port scanning attack 

5. Network sniffing 

6. ICMP attacks 

7. session hijacking attack 

8. Social Engineering 

Thanks 

Luke Oxley
Level 1
shubhamkulkarni39,
Thanks for your post. There are some good questions here. For each question, I am going to list the services that Cisco employs in the ASA platform as a preventative measure for these types of attacks. I am not going to provide configuration examples for these, as a short session of Googling will reveal plenty of guides on how to do this.
1. ARP Inspection. This will prevent rogue hosts from spoofing ARPs, thus removing the ability for them to intercept traffic to other hosts.
2. Use the global policy map to set the maximum connections and/or maximum connection times. This will protect against duplicate SYN attacks, where a host will try to open large numbers of connections to fill the queues up, thus denying legitimate hosts a connection.
3. Unicast RPF. Details can be found at the following link: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/protect_tools.html
4. Whilst I have never worked closely on preventing this type of attack, I believe the built-in threat detection feature on the ASA can service this.
5. Network sniffing is passive and undetectable. It listens to data already on the wire, so there is nothing the ASA itself can do to prevent this. I'm not sure this qualifies as an attack either.
6. Enable the ICMP inspection engine and block it any/any on your publicly facing interfaces.
7. Again, using the policy map, the ASA will randomise the ISN of the SYN, thus preventing sessions from being hijacked.
8. This type of attack is not really relevant to the Cisco ASA or network security in general. I'd recommend reading up on this.
HTH

Kind regards,
Luke
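The ASA features listed in the reply above, gathered into one configuration sketch. This is an added example, not part of Luke's answer or of any Cisco document; the interface names (`outside`, `inside`), the ACL name `OUTSIDE_IN`, the ARP entry and every numeric limit are assumed placeholders to be sized for your own network, and the syntax follows the ASA 8.x CLI.

```cisco
! Item 1 - static ARP entries plus ARP inspection (transparent mode only).
! Address and MAC are placeholders; inspection drops ARPs that do not match.
arp inside 10.0.0.10 0000.0000.0001
arp-inspection inside enable no-flood

! Item 3 - Unicast RPF: drop packets arriving on outside whose source
! address would not be routed back out of outside (anti-spoofing).
ip verify reverse-path interface outside

! Item 4 - basic threat detection, with automatic shunning of scanners.
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection statistics

! Item 6 - deny ICMP through the public interface before any permits.
access-list OUTSIDE_IN extended deny icmp any any
access-group OUTSIDE_IN in interface outside
! Also stop pings aimed at the outside interface address itself.
icmp deny any outside

! Items 2, 6 and 7 - connection limits, ICMP inspection and ISN
! randomisation in the global service policy.
policy-map global_policy
 class inspection_default
  inspect icmp
  inspect icmp error
 class class-default
  ! Cap total and half-open (embryonic) connections, globally and per client,
  ! so a SYN flood cannot exhaust the connection table.
  set connection conn-max 10000 embryonic-conn-max 1000
  set connection per-client-max 100 per-client-embryonic-max 20
  set connection timeout embryonic 0:00:30
  ! Randomise TCP initial sequence numbers for sessions through the ASA.
  set connection random-sequence-number enable
service-policy global_policy global
```

After applying, `show threat-detection statistics` and `show service-policy` on the ASA confirm the counters are incrementing under the policy you expect.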

