01-20-2014 04:33 AM - edited 03-11-2019 08:32 PM
Hello All,
How can I protect my ASA firewall against:
1. Denial of Service (Land Attack)
2. SYN Flood attack
Please let me know the CLI commands to do it.
Thanks in advance.
-Mahi
01-20-2014 08:15 AM
Hi Mahi,
A simple and effective way to prevent some of these is to set an embryonic connection limit on all static NAT entries which are facing the outside interface.
The command depends on which IOS you are running. More info here:
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
Table 11 shows both (old and new) config example.
Hope that helps.
Obviously the best solution is to get an IPS.
Regards
Mariusz
01-23-2014 11:32 PM
Hi Mariusz Bochen,
Thank you so much for your response.
Can't the ASA handle these kinds of attacks by default?
Anyways your answer is helpful.
Thanks & Best Regards,
Mahi
01-24-2014 04:28 AM
Hello Mahi,
Actually it does.
I mean for Land Attacks the ASA will generate the following message:
%ASA-session-2-106017: Deny IP due to Land Attack from
This is by default.
Now, for SYN flood attacks you can rely on things such as threat detection, but you could also configure more restrictive security policies with MPF to avoid the unnecessary flood of traffic.
Looking for some Networking Assistance?
Contact me directly at jcarvaja@laguiadelnetworking.com
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com
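The embryonic connection limit and MPF policy mentioned in the replies above, sketched as an added example that is not part of the original thread or taken from the linked Cisco document. The object names, the addresses (10.1.1.10 as the real server address, 192.0.2.10 as its mapped address) and the limit values are constructed placeholders to be tuned to the server's normal load.

```cisco
! Added example; names, addresses and limits are constructed placeholders.
!
! Before 8.3: the limits sit at the end of the static NAT entry
! (tcp <max-conns> <embryonic-limit>; 0 means unlimited).
static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255 tcp 0 100
!
! 8.3 and later: limits are applied through MPF (Modular Policy Framework).
! From 8.3 on, the ACL references the real (untranslated) server address.
access-list SYN-PROTECT-ACL extended permit tcp any host 10.1.1.10 eq www
!
class-map SYN-PROTECT-CLASS
 match access-list SYN-PROTECT-ACL
!
policy-map OUTSIDE-POLICY
 class SYN-PROTECT-CLASS
  ! Once 100 half-open connections exist, the ASA answers new SYNs itself
  ! with SYN cookies (TCP Intercept) instead of passing them to the server.
  set connection embryonic-conn-max 100 per-client-embryonic-max 10
  ! Drop half-open connections that do not complete within 10 seconds.
  set connection timeout embryonic 0:00:10
!
! Only one policy-map can be attached per interface; if the outside
! interface already has one, add the class to that policy instead.
service-policy OUTSIDE-POLICY interface outside
!
! Threat detection: rate-based drop alerts plus TCP Intercept statistics.
threat-detection basic-threat
threat-detection statistics tcp-intercept
!
! Verification
show service-policy interface outside
show threat-detection rate
show threat-detection statistics top tcp-intercept
```

A per-client limit set too low can block legitimate users who share one source address behind NAT or a proxy, so check the counters in `show service-policy` after applying it.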