Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

regarding DoS of icmp packets

what is the command i can use in

asa 5510 and 5520 to stop icmp packet of my public ip to ruin attac

k of DOS after certain amount of time . lets say 5 minutes i want to stop icmp service of my public ip interface

I AM using 7.0 version i did not find any command like threat-de

tection kindly help. can it be configure with cbac access

list with time range limit



Cisco Employee

Re: regarding DoS of icmp packets

It appears as though what you want to do is block ICMP flood attacks or Smurf attacks.

If that is the case then your best option is an IPS. The AIP-SSM module is actually an IPS module that can be integrated into the ASA itself.

If however you do not wish to use an IPS then the next best option is threat detection on an ASA, but that was introduced only in 8.0, so you'll have to run 8.x code in order to use it. Which is why, you are unable to find the command in 7.0

Regarding time bases ACLs, there are such things, but they don't work the way you intend them to. A time based ACL kicks in at a certain time and can be removed after a certain period of time.

CreatePlease to create content