Cisco Support Community
ASA 5585 - Can I shun syn attacks as well as scanning threats?

Hello,

I see that with threat-detection enabled and configured, I can use the "threat-detection scanning-threat shun duration [time in seconds]" to shun IPs that are scanning for open ports.

Is there a way to shun syn-attacks that I have a threshold set for?

For example I can configure this:

 threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45

But I don't see an option to "threat-detection syn-attack shun".

This is on a 5585 running 8.2(5).

 

Thank you

 

1 REPLY
The answer to this is you cannot. At least not in this way.

What you can do is create a policy-map on the outside interface (or add a class-map if you already have an existing policy-map on the outside) and, under connection settings, limit the number of per-client embryonic connections.

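The per-client embryonic (half-open) connection limit the reply describes, written out as a complete ASA configuration so the pieces fit together. This is an added example, not the replier's or Cisco's configuration: the ACL, class-map and policy-map names (OUTSIDE-TCP, CM-OUTSIDE-TCP, PM-OUTSIDE), the interface name outside, and the numeric limits are assumptions chosen for illustration; size them from your own connection baseline.

```cisco
! Assumed names and values throughout; adjust to your deployment.
! Match all TCP traffic arriving on the outside interface.
access-list OUTSIDE-TCP extended permit tcp any any
!
class-map CM-OUTSIDE-TCP
 match access-list OUTSIDE-TCP
!
! Only one service-policy can be bound per interface: if a policy-map is
! already applied to outside, add the class to that policy-map instead of
! creating a new one.
policy-map PM-OUTSIDE
 class CM-OUTSIDE-TCP
  ! Cap half-open connections from any single source address. Once a client
  ! hits this, further SYNs from it are dropped until its embryonic
  ! connections complete or time out, which is the closest equivalent to
  ! "shunning" a SYN-flooding source that the policy framework offers.
  set connection per-client-embryonic-max 20
  ! Aggregate cap for the whole class. When it is reached the ASA answers
  ! SYNs on the server's behalf (TCP intercept) and only forwards the
  ! connection after the client completes the handshake.
  set connection embryonic-conn-max 1000
  ! Age out half-open connections faster than the default.
  set connection timeout embryonic 0:00:20
!
service-policy PM-OUTSIDE interface outside
```

After applying it, `show service-policy interface outside` reports the per-class limits and counters, and `show conn` lists current embryonic connections so you can confirm the caps are being enforced rather than just configured. Keep the existing `threat-detection rate syn-attack` statistics in place; they still give you the alerting and syslog visibility, while the `set connection` limits provide the enforcement.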