Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12897
Views
0
Helpful
2
Replies

Protected servers under syn attack!!

Go to solution
Sundeep Dsouza
Level 1
Level 1

‎02-05-2011 11:43 PM - edited ‎03-11-2019 12:45 PM

The firewall dashboard has a window at the right lower portion of ASDM and it displays Top 10 protected servers under SYN attack.  Refer to the attached picture.

In this scenario the server IP 82.214.154.223 seems to be getting SYN attacks from one of my internal network PC. This server 82.214.154.223 does not belong to us, a whois query tells me that the IP originates from Poland with no hostname address.

I should have been seeing attacks only for servers belonging to my network right? Like an attack from Outside public IP towards my Server public IP, or is it that this feature provides two way statistics where it also displays attack originating from my lan towards outside world. From what I see, I feel it displays two way attacks. Correct me if I am wrong.

Regards

1 person had this problem
Labels:
Preview file
26 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-06-2011 02:33 AM

Yes, it is protecting both directions of the traffic passing through the ASA, inbound and outbound by default.

It looks like your internal host is attacking the 82.214.154.223 host, or it might be some software that is trying to reach 82.214.154.223, however, this host is not responding. Might be peer to peer file sharing or other similar sort of application.

There are different types and features of threat detection, and here is more information for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/protect_threat.html

Hope that helps.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎02-06-2011 02:33 AM

Yes, it is protecting both directions of the traffic passing through the ASA, inbound and outbound by default.

It looks like your internal host is attacking the 82.214.154.223 host, or it might be some software that is trying to reach 82.214.154.223, however, this host is not responding. Might be peer to peer file sharing or other similar sort of application.

There are different types and features of threat detection, and here is more information for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/protect_threat.html

Hope that helps.

0 Helpful

Go to solution
aamircisco
Level 1
Level 1
In response to Jennifer Halim

‎06-03-2013 04:58 AM

Hi,

below is the output of the # sh threat-detection rate command. can anyone explain me the vulnerabilities and risks by looking at the figures below. thanks

                          Average(eps)    Current(eps) Trigger      Total events

  10-min ACL  drop:                  1               0       0               672

  1-hour ACL  drop:                  1               0       0              4654

  10-min SYN attck:                  0               0       0               386

  1-hour SYN attck:                  0               0       0              3428

  10-min  Scanning:                  2               1   55503              1248

  1-hour  Scanning:                  2               2   18455              9177

  10-min Bad  pkts:                  0               0       0               184

  1-hour Bad  pkts:                  0               0       0              1089

  10-min  Firewall:                  1               0       0               862

  1-hour  Firewall:                  1               1       0              5749

  10-min DoS attck:                  0               0       0                 6

  1-hour DoS attck:                  0               0       0                 6

  10-min Interface:                  1               0       0              1034

  1-hour Interface:                  1               1       0              6616

regards,

AAMIR

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card