Query on Cisco ASA Configuration.

Mahi Gurram
Level 1

Hello All,

How can I protect my ASA firewall against:

     1. Denial of Service (Land Attack)

     2. SYN Flood attack

Please let me know the CLI commands to do it.

Thanks in advance.

-Mahi

3 Replies

Mariusz Bochen
Level 1

Hi Mahi,

A simple and effective way to prevent some of these is to set an embryonic connection limit on all static NAT entries which are facing the outside interface.

The command depends on which IOS you are running. More info here:

http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

Table 11 shows both (old and new) config examples.

Hope that helps.

Obviously the best solution is to get an IPS.

Regards

Mariusz

Hi Mariusz Bochen,

Thank you so much for your response.

Can't the ASA handle these kinds of attacks by default?

Anyway, your answer is helpful.

Thanks & Best Regards,

Mahi


Hello Mahi,

Actually it does.

I mean for Land Attacks the ASA will generate the following message:

%ASA-session-2-106017: Deny IP due to Land Attack from to

This is by default.

Now, for SYN flood attacks you can rely on things such as threat detection, but you could also configure more restrictive security policies with MPF to avoid the unnecessary flood of traffic.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
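
The embryonic connection limit and MPF policy mentioned in the replies above, as an added example that is not part of the original thread. It assumes ASA 8.3 or later and an interface named `outside`; the ACL, class-map and policy-map names, the server address and the limit values are hypothetical and need tuning to the real traffic.

```cisco
! Added example: names, address and limits are illustrative assumptions.
! Match inbound TCP to the published server. 192.0.2.10 is a documentation
! address standing in for the server (8.3+ ACLs reference the real address).
access-list SYN_PROTECT_ACL extended permit tcp any host 192.0.2.10 eq 443
!
class-map SYN_PROTECT_CLASS
 match access-list SYN_PROTECT_ACL
!
policy-map OUTSIDE_POLICY
 class SYN_PROTECT_CLASS
  ! Above these half-open (embryonic) counts the ASA stops forwarding SYNs
  ! and answers them itself with SYN cookies (TCP Intercept), so the server
  ! only sees connections whose handshake actually completes.
  set connection embryonic-conn-max 100 per-client-embryonic-max 10
  ! Free half-open connections that do not finish the handshake in 10 s.
  set connection timeout embryonic 0:0:10
!
service-policy OUTSIDE_POLICY interface outside
!
! Threat detection, as mentioned in the last reply: basic drop-rate
! monitoring plus statistics on connections handled by TCP Intercept.
threat-detection basic-threat
threat-detection statistics tcp-intercept
```

`show service-policy interface outside` displays the embryonic counters for the class once the policy is applied.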