One of our customers webserver is hosted with us and its behind the ASA & IPS with standard IPS configuration. I have also enabled some signatures related to IIS n DDOS. The website is constantly under DDOS attack from various IP addresses, each single IP address with different source ports is opening more than 20 session at a time to the web server n consuming the server resources and bandwidth, the IPS is not able to detect this. I have also enabled netflow on ASA for this server and the netflow report showing normal with different source IP addresses and ports. The webserver is constantly under attack even when it is present with other DSP/ISP.
Is there option I need to configure in IPS or ASA to stop this. The IPS signature is latest updated.
Thanks for the info, I have set the per-client-embryonic-max n per-client-max to 5 with proper policy-map n class-map, but I dont know whether its in effect or not. Is there any way to see the hits for this?
I have enabled all the default DDOS n webserver related high risk signatures but none of them seems to hit. I created a new Service HTTP signature with Max Header Filed Length to 20 and Maximum Request Field Length to 20, it has stopped 50% hits for this server, but it also stopping access to some other web servers. Is there any way I can enable this signature only for a particular webserver instead of whole traffic going thru the IPS.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :