
Scanning Attacks on Cisco ASA Firewall

mudasir05
Beginner

Hello All,

I am observing some 150-300 scanning attacks on my Cisco ASA firewall.

I have enabled threat-detection scanning-threat; however, the attacks don't decrease.

I am just curious whether these are normal or whether something can be done to fix this.

Thanks

5 Replies

Seb Rupik
VIP Alumni

Hi there,

Enabling 'threat-detection scanning-threat' will only build a database of possible attackers which can produce detailed reports. Using this detail you can choose to shun those attackers, but an additional keyword is required:

threat-detection scanning-threat shun

Further information can be found here:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

cheers,

Seb.

Thanks Seb for the info.

I did the same; however, the scanning attacks are still there.

Any idea how to fix that?

Thanks

I used the command "threat-detection scanning-threat shun duration 259200".

I need to know whether this command will shun all those present in the attacker database.

Let me know.

Thanks

That number added is the length of the shun in seconds.

So for each attacker detected the ASA will shun the host for 259200 seconds (4320 minutes) which is a long time. This could be legitimate traffic too. I would recommend you investigate the perceived attacks.

Hello,

I checked the traffic and found some hosts from my internal LAN, which I later put in the shun except list. But now I am concerned about the users who are accessing from outside and are legitimate. How do I fix that if they find themselves in the shun list?

thanks
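
Added example, not part of any reply in this thread: an ASA configuration sketch that puts the thread's 259200-second shun beside a version with an exemption group and a shorter duration, followed by the commands for reviewing and releasing shunned hosts. The object-group name SHUN-EXEMPT, all addresses (documentation ranges) and the 3600-second value are assumptions chosen for illustration.

```cisco
! --- Global configuration mode ---
! Constructed exemption list: SHUN-EXEMPT and every address below are placeholders.
object-group network SHUN-EXEMPT
 description Hosts that scanning-threat detection must never shun
 network-object 10.0.0.0 255.0.0.0
 network-object host 203.0.113.10
 network-object 198.51.100.0 255.255.255.0

! As used in the thread: every detected attacker is shunned for 3 days, no exemptions.
! threat-detection scanning-threat shun duration 259200

! Adjusted: exempt the known-good group and shorten the shun (example value)
! so that a false positive clears by itself after one hour.
threat-detection scanning-threat shun except object-group SHUN-EXEMPT
threat-detection scanning-threat shun duration 3600

! --- Privileged EXEC mode ---
! Review which hosts were classified as attackers or targets before trusting the shun.
show threat-detection scanning-threat attacker
show threat-detection scanning-threat target
! List the hosts currently shunned by threat detection.
show threat-detection shun
! Release one host that turned out to be legitimate (placeholder address).
clear threat-detection shun 203.0.113.25 255.255.255.255
```

The exemption group only covers outside users whose source addresses are known in advance; anyone else who is shunned by mistake depends on the shorter duration or on a manual `clear threat-detection shun`.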
