Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
1
Replies

Scanning Attacks

KSEyebank1
Level 1
Level 1

‎05-06-2015 11:35 AM - edited ‎03-11-2019 10:53 PM

I really know very little about firewalls, but noticed on the Firewall Dashboard we are seeing constant possible scanning attacks.  Is this normal?  If not what should I do about it?

Labels:
Preview file
566 KB
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎05-07-2015 07:16 AM

Hi,

Scanning attack detected (This option monitors scanning attacks; for example, the first TCP packet is not a SYN packet, or the TCP connection failed the 3-way handshake. Full scanning threat detection  takes this scanning attack rate information and acts on it by classifying hosts as attackers and automatically shunning them, for example. Incomplete session detection such as TCP SYN attack detected or no data UDP session attack detected.

So with Threat Detection enabled , you would see these stats increase for any drops which doesn't complete 3 Way Handshake.

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/protect_threat.html

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/configuration/guide/conf_gd/protect.html#wp1072953

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card