Regarding DoS of ICMP packets

Sep 28th, 2010

What is the command I can use on the ASA 5510 and 5520 to stop ICMP packets to my public IP, to ruin a DoS attack after a certain amount of time? Let's say after 5 minutes I want to stop the ICMP service of my public IP interface.

I am using version 7.0. I did not find any command like threat-detection. Kindly help. Can it be configured with a CBAC access list with a time-range limit?


thanks,

Rajat

Atri Basu (Cisco Employee), Fri, 10/01/2010 - 11:31

It appears as though what you want to do is block ICMP flood attacks or Smurf attacks.


If that is the case then your best option is an IPS. The AIP-SSM module is actually an IPS module that can be integrated into the ASA itself.


If, however, you do not wish to use an IPS, then the next best option is threat detection on an ASA, but that was introduced only in 8.0, so you'll have to run 8.x code in order to use it, which is why you are unable to find the command in 7.0.


Regarding time-based ACLs, there are such things, but they don't work the way you intend them to. A time-based ACL kicks in at a certain time and can be removed after a certain period of time.
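
Added example, not part of the original thread: an ASA configuration sketch contrasting the two mechanisms mentioned in the reply above, a clock-driven time-range ACL and the rate-driven basic threat detection available from 8.x. The names `ICMP_BLOCK` and `OUTSIDE_IN`, the interface name `outside`, the time window and the rate thresholds are all assumed values chosen for illustration.

```cisco
! Added illustration; names, times and thresholds are constructed values.
!
! --- Time-based ACL: driven by the system clock only ---
time-range ICMP_BLOCK
 periodic daily 22:00 to 23:59
!
! OUTSIDE_IN is assumed to be the ACL applied inbound on "outside".
! "line 1" places the deny ahead of any existing permit entries.
access-list OUTSIDE_IN line 1 extended deny icmp any any time-range ICMP_BLOCK
access-group OUTSIDE_IN in interface outside
!
! The deny entry is active from 22:00 to 23:59 every day whether or not
! a flood is in progress, and inactive the rest of the day. It is not
! triggered by traffic volume, and as an interface ACL it filters
! traffic passing through the ASA.
!
! --- Basic threat detection (8.x code only): driven by drop rates ---
threat-detection basic-threat
! Raise a syslog message when ICMP drops exceed an average of 100/s
! over a 600-second interval, or the burst rate of 400/s.
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
!
! --- Verification (exec mode) ---
show time-range
show access-list OUTSIDE_IN
show threat-detection rate
```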
