So with scanning and syn attacks pretty much enabled, I'm left with one other detail of how to stop abusive scrappers, crawlers, etc. Has anyone been able to utilize the ASA to stop these type of activiaties? I'm currently doing it manually by reacting to an IP that begins to show up in the top 10 usage list. The abusers basically make obscene amount of HTTP requests and having the ASA automatically proactively detect a scrapper and block them would be great.
Anyone have insight on this?
Till version 4.x you could install signature updates without any license I think. But since Cisco got serious about writing signatures they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).
And yes to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.
You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.
Hope that helps.