ASA: Question about the function of Basic Threat Detection

Answered Question
Dec 2nd, 2009

Hello everyone,

I have a question about the function of Basic Threat Detection on ASA 8.0.

I understand that the functions for mitigating/preventing network attacks/threats supported by ASA are as follows:

1: Packet Filtering (ACL)
2: Stateful Inspection
3: Application Inspection
and
4: Basic Threat Detection

I think Basic Threat Detection just gathers and monitors the number of dropped packets due to potential attacks and sends a syslog message (730100/730101) if the specified object exceeds the specified burst/average threshold rate.

I mean that Basic Threat Detection does NOT perform appropriate action(s) against potential attacks, such as dropping packets, sending TCP RST and so on, like Packet Filtering, Stateful Inspection and Application Inspection do to mitigate/prevent potential network attacks.

Is my understanding correct?

Your information would be appreciated.

Shinichi

Correct Answer
Pedro Ivo Santo... Mon, 12/07/2009 - 11:55

Hi Shinichi,

Yes, you are right!

Basic threat detection does not take any direct action over the traffic.

There are levels of drops that are acceptable. What this feature does is monitor the drop rates, and if any of them reaches levels that would indicate a threat, it sends a syslog to warn that something is looking like an attack.

Hope this answers your question.

Cheers,

Pedro
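
Since the feature only logs, whatever receives the syslog has to do the triage. The following is an added example, not part of the original thread: it parses threat-detection rate alerts and reports which threshold (burst or average) was exceeded. It assumes the message text Cisco documents for syslog 733100; the names `parse_alert` and `triage` are hypothetical and the sample lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Layout assumed from Cisco's documented text for syslog message 733100.
ALERT = re.compile(
    r"%ASA-4-733100: \[\s*(?P<obj>[^\]]+?)\s*\] drop (?P<rate_id>rate-\d+) exceeded\. "
    r"Current burst rate is (?P<burst>\d+) per second, "
    r"max configured rate is (?P<burst_max>\d+); "
    r"Current average rate is (?P<avg>\d+) per second, "
    r"max configured rate is (?P<avg_max>\d+); "
    r"Cumulative total count is (?P<total>\d+)"
)
FIELDS = ("burst", "burst_max", "avg", "avg_max", "total")

class RateAlert(NamedTuple):
    obj: str       # monitored object, e.g. "Scanning"
    rate_id: str   # which configured rate interval fired
    burst: int
    burst_max: int
    avg: int
    avg_max: int
    total: int

    def exceeded(self) -> List[str]:
        # Strictly-greater comparison is an assumption of this example.
        hits = []
        if self.burst > self.burst_max:
            hits.append("burst")
        if self.avg > self.avg_max:
            hits.append("average")
        return hits

def parse_alert(line: str) -> Optional[RateAlert]:
    m = ALERT.search(line)
    if m is None:
        return None  # not a threat-detection rate alert
    g = m.groupdict()
    return RateAlert(g["obj"], g["rate_id"], *(int(g[k]) for k in FIELDS))

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "Dec 07 2009 11:55:01 asa1 : %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 9 per second, max configured rate is 5; Cumulative total count is 5538",
    "Dec 07 2009 11:56:40 asa1 : %ASA-4-733100: [ ACL drop] drop rate-2 exceeded. Current burst rate is 1200 per second, max configured rate is 800; Current average rate is 310 per second, max configured rate is 320; Cumulative total count is 74400",
    "Dec 07 2009 11:56:41 asa1 : %ASA-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)",
]

def triage(lines):
    """Return (object, rate id, thresholds exceeded) for each alert line."""
    return [(a.obj, a.rate_id, a.exceeded()) for a in map(parse_alert, lines) if a]
```
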

snakayama Mon, 12/07/2009 - 16:54

Hi Pedro,

Thank you very much for your reply.
I understand what you said.

Best regards,

Shinichi
