Stopping an UDP Flood

Hello,

The last week I have had a lot of UDP flood attacks. I can't seem to figure out how I can stop them with my Cisco ASA 5505.

The ports are all closed to the internal IP address (firewall is in transparent mode) except for a few desired ports, but still, if there is a UDP flood attack, they send UDP packets to a large range of ports and the Cisco is filling up with connections, leading to the full 10000 connections and losing connection to the internal network (because of the connection limit).

I have tried to set service policy rules and set traffic match criteria to source and destination IP address (uses ACL) and set the connection settings for maximum TCP & UDP connections to 200, and also the other options to 200. But this doesn't seem to help.

The only thing I can do now is shun the IP address, and then the connections stop filling up. I also tried to enable scanning threat detection and set it to shun hosts detected by scanning threat, but this isn't working either.

Can somebody please help me with this? I don't know how I can solve this.

Here is my config file. I replaced the internal IP addresses with (ipaddress ending with:)

: Saved
:
ASA Version 8.3(1)
!
firewall transparent
hostname ciscoasa
enable password ***************** encrypted
passwd ****************** encrypted
names
!
interface Vlan1
nameif inside
security-level 100
!
interface Vlan2
nameif outside
security-level 0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
shutdown
!
interface Ethernet0/3
shutdown
!
interface Ethernet0/4
shutdown
!
interface Ethernet0/5
shutdown
!
interface Ethernet0/6
shutdown
!
interface Ethernet0/7
shutdown
!
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
object network IPAddress Ending with:15
host IPAddress Ending with:15
object network InterneIPRange
range IPAddress Ending with:5 IPAddress Ending with:59
object service RDP
service tcp destination eq 3389
object network IPAddress Ending with:5
host IPAddress Ending with:5
object network IPAddress Ending with:10
host IPAddress Ending with:10
object network IPAddress Ending with:11
host IPAddress Ending with:11
object network IPAddress Ending with:12
host IPAddress Ending with:12
object network IPAddress Ending with:13
host IPAddress Ending with:13
object network IPAddress Ending with:14
host IPAddress Ending with:14
object network IPAddress Ending with:16
host IPAddress Ending with:16
object network IPAddress Ending with:17
host IPAddress Ending with:17
object network IPAddress Ending with:18
host IPAddress Ending with:18
object network IPAddress Ending with:19
host IPAddress Ending with:19
object network IPAddress Ending with:20
host IPAddress Ending with:20
object network IPAddress Ending with:21
host IPAddress Ending with:21
object network IPAddress Ending with:22
host IPAddress Ending with:22
object network IPAddress Ending with:23
host IPAddress Ending with:23
object network IPAddress Ending with:24
host IPAddress Ending with:24
object network IPAddress Ending with:25
host IPAddress Ending with:25
object network IPAddress Ending with:26
host IPAddress Ending with:26
object network IPAddress Ending with:30
host IPAddress Ending with:30
object network IPAddress Ending with:31
host IPAddress Ending with:31
object network IPAddress Ending with:32
host IPAddress Ending with:32
object network IPAddress Ending with:33
host IPAddress Ending with:33
object network IPAddress Ending with:34
host IPAddress Ending with:34
object network IPAddress Ending with:35
host IPAddress Ending with:35
object network IPAddress Ending with:37
host IPAddress Ending with:37
object network IPAddress Ending with:40
host IPAddress Ending with:40
object network IPAddress Ending with:41
host IPAddress Ending with:41
object network IPAddress Ending with:42
host IPAddress Ending with:42
object network IPAddress Ending with:43
host IPAddress Ending with:43
object network IPAddress Ending with:44
host IPAddress Ending with:44
object network IPAddress Ending with:45
host IPAddress Ending with:45
object network IPAddress Ending with:46
host IPAddress Ending with:46
object network IPAddress Ending with:47
host IPAddress Ending with:47
object network IPAddress Ending with:48
host IPAddress Ending with:48
object network IPAddress Ending with:49
host IPAddress Ending with:49
object network IPAddress Ending with:54
host IPAddress Ending with:54
object network IPAddress Ending with:55
host IPAddress Ending with:55
object network IPAddress Ending with:56
host IPAddress Ending with:56
object network IPAddress Ending with:57
host IPAddress Ending with:57
object network IPAddress Ending with:58
host IPAddress Ending with:58
object network IPAddress Ending with:59
host IPAddress Ending with:59
object network IPAddress Ending with:8
host IPAddress Ending with:8
object network IPAddress Ending with:9
host IPAddress Ending with:9
object service MySQL
service tcp destination eq 3306
object service PleskCP
service tcp destination eq 8443
object service SMTP-2025
service tcp destination eq 2025
object service Webmin
service tcp destination eq 10000
object service Webmin-11111
service tcp destination eq 11111
object network IPAddress Ending with:51
host IPAddress Ending with:51
object-group service DM_INLINE_SERVICE_1
service-object object RDP
service-object tcp destination eq www
service-object tcp destination eq https
service-object icmp
service-object tcp-udp destination eq domain
object-group service DM_INLINE_SERVICE_10
service-object object MySQL
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_11
service-object object MySQL
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_12
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_13
service-object object PleskCP
service-object object RDP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_2
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object icmp
object-group service DM_INLINE_SERVICE_3
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object icmp
object-group service DM_INLINE_SERVICE_4
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_5
service-object object MySQL
service-object object PleskCP
service-object tcp-udp destination range 30000 30001
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
service-object object RDP
object-group service DM_INLINE_SERVICE_6
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
service-object tcp destination eq echo
service-object object RDP
object-group network DM_INLINE_NETWORK_3
network-object host 187.78.37.96
network-object host 50.22.18.190
network-object host 78.46.57.45
network-object host 65.60.59.62
object-group service DM_INLINE_SERVICE_8
service-object object MySQL
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_9
service-object object MySQL
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_14
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination eq 10011
service-object tcp-udp destination eq 30033
service-object tcp-udp destination eq 9987
service-object icmp
object-group service DM_INLINE_SERVICE_15
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_SERVICE_16
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_17
service-object object PleskCP
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_18
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_19
service-object tcp-udp destination eq domain
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_20
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object icmp
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_21
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ident
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_22
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination eq 49171
service-object icmp
object-group service DM_INLINE_SERVICE_23
service-object object MySQL
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination eq 20
service-object tcp-udp destination range 8000 8001
service-object tcp-udp destination eq 90
service-object tcp destination eq 2224
service-object tcp destination eq 990
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_SERVICE_24
service-object object PleskCP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_25
service-object object PleskCP
service-object object RDP
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_26
service-object object Webmin
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_SERVICE_27
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination range 16000 17000
service-object tcp-udp destination range 2020 2022
service-object tcp-udp destination range 7090 7100
service-object tcp-udp destination range 8000 8500
service-object icmp
object-group service DM_INLINE_SERVICE_28
service-object object SMTP-2025
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_29
service-object object Webmin-11111
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_SERVICE_30
service-object object Webmin-11111
service-object tcp-udp destination eq domain
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_SERVICE_31
service-object object Webmin-11111
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp destination eq ssh
service-object icmp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq pop3
port-object eq smtp
port-object eq ssh
object-group service DM_INLINE_SERVICE_32
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination range 3306 3307
service-object tcp destination eq 3594
service-object tcp destination range 43594 43595
service-object tcp destination eq 5000
service-object tcp destination range 5816 5817
service-object tcp destination eq 8080
service-object tcp destination eq 8653
service-object tcp destination eq 9865
service-object tcp destination range 9957 9959
service-object tcp destination eq 9960
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_33
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_34
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ident
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_35
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination range 16000 17000
service-object tcp-udp destination range 2020 2022
service-object tcp-udp destination range 8000 8500
service-object icmp
object-group service DM_INLINE_SERVICE_36
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object tcp-udp destination range 16000 17000
service-object tcp-udp destination range 2020 2022
service-object tcp-udp destination range 8000 8500
service-object icmp
object-group service DM_INLINE_SERVICE_37
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group service DM_INLINE_SERVICE_38
service-object object RDP
service-object tcp-udp destination eq domain
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
service-object icmp
object-group network DM_INLINE_NETWORK_1
network-object host 188.122.8.39
network-object host 190.144.12.134
network-object host 82.168.224.127
network-object host 83.84.197.244
network-object host 87.211.91.231
network-object host 94.211.28.251
object-group service DM_INLINE_SERVICE_39
service-object object RDP
service-object tcp destination eq 8088
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_2
network-object object IPAddress Ending with:15
network-object object IPAddress Ending with:31
access-list outside_access_in extended deny ip 94.75.0.0 255.255.0.0 any inactive
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 any
access-list outside_access_in extended deny ip 189.109.0.0 255.255.0.0 any
access-list outside_access_in extended deny ip object-group DM_INLINE_NETWORK_3 any
access-list outside_access_in extended deny ip 195.81.138.0 255.255.255.0 any
access-list outside_access_in extended deny ip 213.203.192.0 255.255.255.0 any inactive
access-list outside_access_in extended deny ip 89.19.28.0 255.255.255.0 any
access-list outside_access_in extended deny ip host 85.17.137.180 any
access-list outside_access_in extended deny ip 189.205.227.0 255.255.255.0 any
access-list outside_access_in extended deny object-group DM_INLINE_PROTOCOL_1 75.126.210.0 255.255.255.0 any
access-list outside_access_in extended deny ip host 64.119.177.68 any
access-list outside_access_in extended deny ip 85.17.103.0 255.255.255.0 any inactive
access-list outside_access_in extended deny ip host 147.32.90.250 any
access-list outside_access_in extended deny ip 213.75.71.0 255.255.255.0 any inactive
access-list outside_access_in extended deny ip 213.75.11.0 255.255.255.0 any inactive
access-list outside_access_in extended permit object RDP any object IPAddress Ending with:8
access-list outside_access_in extended permit object RDP any object IPAddress Ending with:9
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any object IPAddress Ending with:10
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any object IPAddress Ending with:11
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any object IPAddress Ending with:12
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_4 any object IPAddress Ending with:13
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any object IPAddress Ending with:14
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any object IPAddress Ending with:15
access-list outside_access_in extended permit object-group TCPUDP any object IPAddress Ending with:16 eq domain
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_8 any object IPAddress Ending with:17
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_9 any object IPAddress Ending with:18
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_10 any object IPAddress Ending with:19
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_11 any object IPAddress Ending with:20
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_12 any object IPAddress Ending with:21
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_13 any object IPAddress Ending with:22
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_14 any object IPAddress Ending with:23
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_15 any object IPAddress Ending with:24
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_16 any object IPAddress Ending with:25
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_17 any object IPAddress Ending with:26
access-list outside_access_in extended permit ip any object IPAddress Ending with:30
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_18 any object IPAddress Ending with:31
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_19 any object IPAddress Ending with:32
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_20 any object IPAddress Ending with:33
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_21 any object IPAddress Ending with:34
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_22 any object IPAddress Ending with:35
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_23 any object IPAddress Ending with:37
access-list outside_access_in extended permit object RDP any host IPAddress Ending with:38
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_24 any object IPAddress Ending with:40
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_25 any object IPAddress Ending with:41
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_26 any object IPAddress Ending with:42
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_27 any object IPAddress Ending with:43
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_28 any object IPAddress Ending with:44
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_30 any object IPAddress Ending with:46
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_29 any object IPAddress Ending with:45
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_31 any object IPAddress Ending with:47
access-list outside_access_in extended permit tcp any object IPAddress Ending with:48 object-group DM_INLINE_TCP_1
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_32 any object IPAddress Ending with:49
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_33 any object IPAddress Ending with:54
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_34 any object IPAddress Ending with:55
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_35 any object IPAddress Ending with:56
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_36 any object IPAddress Ending with:57
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_37 any object IPAddress Ending with:58
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_38 any object IPAddress Ending with:59
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_39 host 94.211.28.251 object IPAddress Ending with:51
access-list outside_access_in extended deny ip 64.191.112.0 255.255.255.0 any
access-list global_access extended deny ip any object IPAddress Ending with:15 inactive
access-list global_access extended deny object-group TCPUDP any any
access-list inside_access_in extended permit object-group TCPUDP any any eq domain inactive
access-list inside_access_in extended permit ip IPAddress Ending with:0 255.255.255.192 any
access-list outside_mpc extended permit object-group DM_INLINE_PROTOCOL_1 any object-group DM_INLINE_NETWORK_2
!
tcp-map DefTCPMap
!
pager lines 24
logging enable
logging timestamp
logging buffered notifications
logging trap informational
logging asdm informational
logging host inside IPAddress Ending with:51
logging debug-trace
mtu inside 1500
mtu outside 1500
ip address IPAddress Ending with:1 255.255.255.192
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group global_access global
route outside 0.0.0.0 0.0.0.0 IPAddress Ending with:62 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http IPAddress Ending with:0 255.255.255.192 inside
http 94.211.28.251 255.255.255.255 outside
http 83.161.233.154 255.255.255.255 outside
http 94.209.180.8 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 94.211.28.251 255.255.255.255 outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 85.17.207.62
ntp server 195.191.112.46 source outside
!
class-map inspection_default
match default-inspection-traffic
class-map outside-class
match access-list outside_mpc
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
  id-randomization
  id-mismatch action log
  tsig enforced action log
policy-map global_policy
class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect dns preset_dns_map dynamic-filter-snoop
policy-map outside-policy
class outside-class
  set connection conn-max 200 embryonic-conn-max 200 per-client-max 200 per-client-embryonic-max 200
  set connection advanced-options DefTCPMap
!
service-policy global_policy global
service-policy outside-policy interface outside
prompt hostname context
hpm topN enable
Cryptochecksum:9191decf41af4221c1405fddc2d3e4fa
: end
no asdm history enable

TIA

Ernst

1 Reply

Kureli Sankar
Cisco Employee

Has this been resolved?

With this being a UDP flood, there is not much you can do.

You can limit the conn-max (both TCP and UDP):

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/s1.html#wp1447178

But by doing that, if the UDP conns take up the connections specified, then legitimate TCP connections will fail.

The best thing to do in this case is to reach out to the ISP, provide them with the IP address that is sending this flood of packets, and ask them to block it on their end.

Most ISPs have this setup already in place, which is called RTBH (Remotely Triggered Black Hole). Here is an interesting white paper that you can read: www.cisco.com/web/about/security/intelligence/blackhole.pdf

-KS
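
Added example, not part of the original thread: the ASA creates connection entries only for traffic its access rules permit, so the UDP ports that outside_access_in opens to any source bound where a flood can fill the connection table. This Python sketch counts those ports per destination over a constructed excerpt in the syntax of the posted config; the single-token host names (H08 to H43), the group names SVC_A and SVC_B, and support for only the clause forms shown are assumptions, and deny entries are not evaluated.

```python
from collections import defaultdict

# Constructed excerpt in the syntax of the posted config. Host object names
# (H08 ... H43) are placeholders, since the post redacted its addresses.
SAMPLE_CONFIG = """\
object service RDP
 service tcp destination eq 3389
object-group service SVC_A
 service-object object RDP
 service-object tcp-udp destination eq domain
 service-object tcp destination eq www
 service-object icmp
object-group service SVC_B
 service-object tcp-udp destination eq domain
 service-object tcp-udp destination range 16000 17000
 service-object tcp-udp destination range 8000 8500
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended deny ip host 192.0.2.7 any
access-list outside_access_in extended permit object-group SVC_A any object H14
access-list outside_access_in extended permit object-group SVC_B any object H43
access-list outside_access_in extended permit ip any object H30
access-list outside_access_in extended permit object-group TCPUDP any object H16 eq domain
access-list outside_access_in extended permit object RDP any object H08
"""

NAMED_PORTS = {"domain": 53}  # only the port name the sample needs


def ports(clause):
    """Ports selected by 'eq X' or 'range A B'; an empty clause means all ports."""
    if not clause:
        return set(range(65536))
    num = lambda tok: NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)
    if clause[0] == "eq":
        return {num(clause[1])}
    if clause[0] == "range":
        return set(range(num(clause[1]), num(clause[2]) + 1))
    raise ValueError(f"unsupported port clause: {clause}")


def service_udp_ports(proto, rest):
    """UDP ports opened by a '<proto> [destination <clause>]' service line."""
    if proto not in ("udp", "tcp-udp", "ip"):
        return set()
    return ports(rest[1:] if rest[:1] == ["destination"] else rest)


def take_addr(tokens):
    """Split one address spec (any | host X | object X | net mask) off the front."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    return " ".join(tokens[:2]), tokens[2:]


def udp_exposure(config):
    """Map each destination to the number of UDP ports permitted from 'any'."""
    services = defaultdict(set)      # service object/group -> UDP ports
    proto_groups = defaultdict(set)  # protocol group -> protocols
    exposed = defaultdict(set)       # destination -> UDP ports
    block = None
    for line in config.splitlines():
        t = line.split()
        if not t or "inactive" in t:
            continue
        if t[0] in ("object", "object-group"):
            block = t[2]
        elif t[0] == "service":
            services[block] |= service_udp_ports(t[1], t[2:])
        elif t[0] == "service-object":
            if t[1] == "object":
                services[block] |= services[t[2]]
            else:
                services[block] |= service_udp_ports(t[1], t[2:])
        elif t[0] == "protocol-object":
            proto_groups[block].add(t[1])
        elif t[0] == "access-list" and t[2:4] == ["extended", "permit"]:
            rest = t[4:]
            if rest[0] in ("object", "object-group"):
                name, proto, rest = rest[1], None, rest[2:]
            else:
                name, proto, rest = None, rest[0], rest[1:]
            src, rest = take_addr(rest)
            dst, rest = take_addr(rest)
            if src != "any":
                continue  # reachable only from the listed sources
            if name in services:
                udp = services[name]
            else:
                protos = {proto} if proto else proto_groups[name]
                udp = ports(rest) if protos & {"udp", "ip"} else set()
            if udp:
                exposed[dst] |= udp
    return {dst: len(p) for dst, p in exposed.items()}


if __name__ == "__main__":
    ranked = sorted(udp_exposure(SAMPLE_CONFIG).items(), key=lambda kv: -kv[1])
    for dst, count in ranked:
        print(f"{dst:12} {count:6} UDP ports open to any source")
```

Destinations at the top of the ranking (a `permit ip any` entry or wide `tcp-udp` ranges) are where tightening the rule to the protocol and ports actually in use shrinks the space a flood can turn into connection entries.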
