fropert Tue, 01/01/2008 - 09:46



First, the IP audit feature. This one contains approximately 50 basic signatures on IP, ICMP, TCP flags, DNS, UNIX RPCs and fragmentation.

These sigs are classified into 2 families: Informational and Attacks.

You can define a policy on Informational sigs and another policy on Attacks sigs for each interface (policy-to-interface mappings).

The policy configuration considers 2 things:

- Should an alarm be generated?

- Whether the triggered packets will be dropped, reset or passed

Second, the ASA now has a feature called "Threat Detection".

This feature detects DoS and scanning attacks (nmap scans, for example) and gives you statistics about threats.

Scanning source IPs can be shunned.

Hope it will help you!


Jens Becker Sat, 01/12/2008 - 04:19

The Threat Detection feature comes with version 8.x. You can find it in ASDM under "Configuration" -> "Firewall" -> "Threat Detection"

or on the CLI (example):

threat-detection basic-threat

threat-detection scanning-threat shun except object-group admin

threat-detection statistics

For configuring ip-audit, you must first configure new IP-Audit policies.
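
The policy-to-interface mapping described in this thread, as an added example that is not part of either post: one Informational policy and one Attack policy are defined and both are bound to the same interface. The policy names INFO_POLICY and ATTACK_POLICY and the interface name "outside" are assumptions chosen for illustration.

```cisco
! Added example, not from the thread. Policy names and the interface
! name "outside" are assumptions.
!
! Informational signatures: generate an alarm only, let the packet pass.
ip audit name INFO_POLICY info action alarm
!
! Attack signatures: generate an alarm and drop the triggering packet.
! Add "reset" to the action list to also reset TCP connections.
ip audit name ATTACK_POLICY attack action alarm drop
!
! Bind both policies to the interface (one info and one attack policy
! per interface).
ip audit interface outside INFO_POLICY
ip audit interface outside ATTACK_POLICY
!
! Verify the policies and their interface bindings, then check
! per-signature match counters.
show running-config ip audit name
show running-config ip audit interface
show ip audit count
!
! Verify threat detection: rate statistics, detected scanning sources,
! and hosts currently shunned by scanning-threat detection.
show threat-detection rate
show threat-detection scanning-threat attacker
show threat-detection shun
```

Starting the Attack policy with "action alarm" alone and reviewing the counters before switching to "drop" avoids blocking legitimate traffic that matches one of the basic signatures.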

