Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
1
Replies

regarding DoS of icmp packets

r.kukreja
Level 1
Level 1

‎09-28-2010 09:07 AM - edited ‎03-11-2019 11:46 AM

what is the command i can use in

asa 5510 and 5520 to stop icmp packet of my public ip to ruin attac

k of DOS after certain amount of time . lets say 5 minutes i want to stop icmp service of my public ip interface

I AM using 7.0 version i did not find any command like threat-de

tection kindly help. can it be configure with cbac access

list with time range limit

thanks,

Rajat

Labels:
0 Helpful
1 Reply 1

Atri Basu
Cisco Employee
Cisco Employee

‎10-01-2010 11:31 AM

It appears as though what you want to do is block ICMP flood attacks or Smurf attacks.

If that is the case then your best option is an IPS. The AIP-SSM module is actually an IPS module that can be integrated into the ASA itself.

If however you do not wish to use an IPS then the next best option is threat detection on an ASA, but that was introduced only in 8.0, so you'll have to run 8.x code in order to use it. Which is why, you are unable to find the command in 7.0

Regarding time bases ACLs, there are such things, but they don't work the way you intend them to. A time based ACL kicks in at a certain time and can be removed after a certain period of time.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card