
ASA: Question about the function of Basic Threat Detection

snakayama
Level 3

Hello everyone,

I have a question about the function of Basic Threat Detection on ASA 8.0.

I understand that the functions for mitigating/preventing network attacks/threats supported by the ASA are as follows:

1: Packet Filtering (ACL)
2: Stateful Inspection
3: Application Inspection
and
4: Basic Threat Detection

I think Basic Threat Detection just gathers and monitors the number of dropped packets due to potential attacks and sends a syslog message (730100/730101) if the specified object exceeds the specified burst/average threshold rate.

I mean that Basic Threat Detection does NOT perform appropriate action(s) against potential attacks, such as dropping packets, sending TCP RSTs and so on, as Packet Filtering, Stateful Inspection and Application Inspection do to mitigate/prevent potential network attacks.

Is my understanding correct?

Your information would be appreciated.

Shinichi

Accepted Solutions

Pedro Ivo Santos Mauri
Cisco Employee

Hi Shinichi,

Yes, you are right!

Basic threat detection does not take any direct action over the traffic.

There are levels of drops that are acceptable. What this feature does is monitor the drop rates, and if any of them reaches levels that would indicate a threat, it sends a syslog to warn that something is looking like an attack.

Hope this answers your question.

Cheers,

Pedro
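
A simplified model of the monitor-only behaviour described in the answer above, added here as an illustration; it is not code from the thread or Cisco's implementation. The function name, window sizes and thresholds are assumptions, and the per-second drop counts are constructed sample data.

```python
from collections import deque


def monitor_drops(per_second_drops, avg_interval, burst_interval,
                  avg_threshold, burst_threshold):
    """Return (second, kind, rate) alerts for a stream of per-second drop counts.

    Monitor-only: the input counts packets that other features (ACLs,
    inspection) already dropped; the output is log events, never a
    permit/deny decision on traffic.
    """
    window = deque(maxlen=avg_interval)
    limits = {"burst": burst_threshold, "average": avg_threshold}
    active = {"burst": False, "average": False}  # alert on the rising edge only
    alerts = []
    for second, drops in enumerate(per_second_drops, start=1):
        window.append(drops)
        rates = {
            # Short window catches a sudden spike.
            "burst": sum(list(window)[-burst_interval:]) / burst_interval,
            # Long window catches a sustained elevated level.
            "average": sum(window) / avg_interval,
        }
        for kind, rate in rates.items():
            exceeded = rate > limits[kind]
            if exceeded and not active[kind]:
                alerts.append((second, kind, round(rate, 1)))
            active[kind] = exceeded
    return alerts


# Constructed sample: 60 s of acceptable background drops (5/s),
# a 10 s spike (100/s), then background again.
SAMPLE = [5] * 60 + [100] * 10 + [5] * 60


def run_sample():
    # Assumed thresholds, in drops per second, chosen for the sample above.
    return monitor_drops(SAMPLE, avg_interval=60, burst_interval=10,
                         avg_threshold=20, burst_threshold=50)


if __name__ == "__main__":
    for second, kind, rate in run_sample():
        print(f"t={second}s: {kind} drop rate {rate}/s over threshold (alert only)")
```

The background level never alerts, the spike trips the burst threshold before the average threshold, and in neither case does the monitor change what happens to the packets.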

Hi Pedro,

Thank you very much for your reply.
I understand what you said.

Best regards,

Shinichi
