Denied Attackers - Maximum?

Aug 8th, 2008

Does anyone know where I can find out the maximum number of denied attackers the ASA-SSM-10 running 6.1(1)E2 can handle? I see where you can set a timeout and total number for the denied hosts and denied network blocks but I haven't been able to find anything for the max number of denied attackers.

I am using this for a signature that is sometimes popular on our network and I'm concerned about impacting the performance of my IPS.

rhermes Fri, 08/08/2008 - 07:22
User Badges:
  • Gold, 750 points or more

The default number of blocked hosts is 250. You can see this with a "sh stat net" command. This can be configured from

conf t
service net



marcabal Fri, 08/08/2008 - 09:54
User Badges:
  • Cisco Employee

Blocks are different than Denies.

Blocks are for the modification of configuration on Switches, Routers, or Firewalls to get the other device to drop the traffic.

Denies are when the sensor itself drops the packets. The sensor must be operated in InLine mode for Denies to work.

To configure the max number of Denied Attackers you follow a similar procedure as rhermes posted, but it is controlled in the service event-action-rules rules0 configuration.

conf t
service event-action-rules rules0
max-denied-attackers 10000

The default I believe is 10,000, but can be configured to be much higher or lower. Increasing this number could have a performance effect on your sensor, so be careful when increasing this above 10,000.
