12-02-2009 10:50 PM - edited 03-11-2019 09:45 AM
Hello everyone,
I have a question about the function of Basic Threat Detection on ASA 8.0.
I understand the functions for mitigating/preventing network attacks/threats supported by ASA are as follows:
1: Packet Filtering (ACL)
2: Stateful Inspection
3: Application Inspection
and
4: Basic Threat Detection
I think Basic Threat Detection just gathers and monitors the number of dropped packets due to potential attacks and sends a syslog message (730100/730101) if the specified object exceeds the specified burst/average threshold rate.
I mean that Basic Threat Detection does NOT perform appropriate action(s) against potential attacks, such as dropping packets, sending TCP RST and so on, like Packet Filtering, Stateful Inspection and Application Inspection do, to mitigate/prevent potential network attacks.
Is my understanding correct?
Your information would be appreciated.
Shinichi
12-07-2009 11:55 AM
Hi Shinichi,
Yes, you are right!
Basic threat detection does not take any direct action over the traffic.
There are levels of drops that are acceptable. What this feature does is monitor the drop rates, and if any of them reaches levels that would indicate a threat, it sends a syslog to warn that something is looking like an attack.
Hope this answers your question.
Cheers,
Pedro
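As an added illustration (not part of the original thread and not Cisco's implementation), here is a simplified Python model of the monitor-only behaviour described in the answer above: it counts drops that other features have already made, compares burst and average rates to thresholds, and only raises alerts. The class name, window sizes, thresholds and sample data are constructed assumptions.

```python
from collections import deque

class DropRateMonitor:
    """Monitor-only model (hypothetical): counts drops, checks rates, alerts."""

    def __init__(self, avg_window, avg_limit, burst_window, burst_limit):
        self.avg_window, self.avg_limit = avg_window, avg_limit
        self.burst_window, self.burst_limit = burst_window, burst_limit
        self.events = deque()  # (timestamp_seconds, dropped_packet_count)

    def _rate(self, now, window):
        # Drops per second over the last `window` seconds ending at `now`.
        total = sum(n for t, n in self.events if now - window < t <= now)
        return total / window

    def record(self, now, dropped):
        """Record drops already made by other features; return alerts raised.

        Nothing here blocks or resets traffic: the only output is an alert.
        """
        self.events.append((now, dropped))
        # Forget samples older than the longest (average) window.
        while self.events and self.events[0][0] <= now - self.avg_window:
            self.events.popleft()
        alerts = []
        burst = self._rate(now, self.burst_window)
        average = self._rate(now, self.avg_window)
        if burst > self.burst_limit:
            alerts.append(("burst", burst))
        if average > self.avg_limit:
            alerts.append(("average", average))
        return alerts

def replay(samples, monitor):
    """Feed (second, drops) samples; return {second: [alert kinds]}."""
    out = {}
    for second, drops in samples:
        kinds = [kind for kind, _ in monitor.record(second, drops)]
        if kinds:
            out[second] = kinds
    return out

# Constructed sample: 5 drops/s background, then a 10-second spike of 500 drops/s.
SAMPLES = [(s, 500 if 30 <= s < 40 else 5) for s in range(60)]

if __name__ == "__main__":
    mon = DropRateMonitor(avg_window=60, avg_limit=50, burst_window=10, burst_limit=200)
    for second, kinds in replay(SAMPLES, mon).items():
        print(f"t={second}s threshold exceeded: {', '.join(kinds)}")
```

The burst threshold trips a few seconds into the spike and clears soon after it ends, while the average threshold trips later and stays exceeded long after the spike is over.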
12-07-2009 04:54 PM
Hi Pedro,
Thank you very much for your reply.
I understand what you said.
Best regards,
Shinichi