ASA 5520 False SYN attacks?

Unanswered Question
Nov 3rd, 2009
User Badges:

I noticed that our ASA firewall is showing false SYN attacks. When I look at them, I see such things as our AS400 sending print jobs to a remote facility with an IPSEC tunnel, another example is our PC's connecting to an outsourced content filtering solution.

Is there any way to tell the Cisco ASA firewall that these are not SYN attacks and that its acceptable traffic?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Wed, 11/04/2009 - 07:17
User Badges:
  • Cisco Employee,

Is threat detection showing those as SYN attacks?

If yes I don't think there is something you can do to exclude these hosts from being flagged.

But you can change the attack threat detection thresholds on your ASA so that it doesn't bark about attacks.

I hope it helps.



This Discussion