security to stop icmp packet from outside

Unanswered Question
Sep 28th, 2010

What is the command I can use in ASA 5510 and 5520 to stop ICMP packets of my public IP to ruin attack of DOS after a certain amount of time? Let's say 5 minutes; I want to stop the ICMP service of my public IP interface3

Thanks

Rajat

Jennifer Halim Tue, 09/28/2010 - 06:54

You can specifically only stop suspicious ICMP packets from outside; however, you can turn on the basic threat detection feature and change the ICMP rate. Threat detection will be applied globally (not interface specific).

Here is the command to change the threat detection rate for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/t.html#wp1526399

Hope that helps.

r.kukreja Tue, 09/28/2010 - 08:15

I am using version 7.0. I did not find any command like threat-detection. Kindly help. Can it be configured with a CBAC access list with a time range limit?

Jennifer Halim Tue, 09/28/2010 - 15:50

Unfortunately you can't configure CBAC on ASA to check the rate of ICMP, and threat-detection is only available from version 8.0.2 onwards and has become more stable on the latest version (8.2.x).
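Added example, not part of the thread: a sketch of the threat-detection rate change discussed above, for an ASA running 8.0.2 or later. The interval and threshold values are illustrative assumptions, not recommendations from the posters.

```cisco
! Added example; the numeric values are constructed for illustration.
! Requires ASA 8.0.2 or later (the command is not present in 7.0).

! Enable basic threat detection. It applies globally, not per interface.
threat-detection basic-threat

! Lower the threshold for the "suspicious ICMP packets" category.
! rate-interval is in seconds; average-rate and burst-rate are drops/sec.
threat-detection rate icmp-drop rate-interval 600 average-rate 50 burst-rate 200

! Basic threat detection only reports when a rate is exceeded
! (syslog 733100); it does not drop or shun the traffic by itself.

! Check the configured thresholds and the current counters.
show running-config all threat-detection
show threat-detection rate icmp-drop
```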
